NEW DELHI :
Indian firms are facing an onslaught of ransomware attacks amid growing digital transformation brought on by the pandemic. According to a report by American cybersecurity firm Palo Alto Networks, ransomware attacks on organizations in India increased by 218% in 2021.
According to the report, Maharashtra was the most targeted state, accounting for 42% of all attacks in India. Software and services(26%), capital goods (14%) and the public sector (9%) were among the most targeted sectors. India is now the tenth most targeted country globally and second after Australia in the APAC (Asia-Pacific) region.
Ransomware is a type of malware that encrypts data and holds it hostage. The attackers ask companies and individuals to pay a ransom, usually using cryptocurrencies, in order to regain access to the data. However, experts pointed out that only in rare cases does the company get all its data back, even after paying the ransom. Vicky Ray is Principal Researcher, Unit 42 at Palo Alto Networks, said while India has always been in the top 10 in terms of ransomware attacks, the number of attacks intensified three times in 2021, as compared to the previous year.
Another report from French tech firm Thales, published on Thursday, said one in four Indian organizations suffered a ransomware attack in 2021, which was higher than the global average of 21%. Out of the targeted organizations, 30% saw significant business disruption after the attack.
Ransomware groups have upped the ante in recent years using double extortion tactics, in which they steal critical data, like IP (intellectual property) and source codes, before locking the company out of their systems. They then threaten to make the stolen data public if the ransom is not paid. Many ransomware groups are also asking partners and customers of targeted companies for a ransom, which is known as a triple extortion tactic.
The increase in attacks can also be attributed to the widening nexus of threats. Many hacker groups offer ransomware-as-a-service (RaaS) so anyone can rent this type of threat including infrastructure, negotiating with victims, or extortion websites where stolen information can be posted. The ransom is then split between the affiliate partners.
The increase in attacks is not the only concern that organizations have to deal with though. According to Palo Alto Networks, the average ransom demand climbed by 144% to $2.2 million in 2021 from $900,000 a year ago, while the average payment rose 78% to $541,000 globally in 2021.
Ray explained the amount demanded from organizations in India is not going to be any lower than global firms as India is among the more economically profitable regions for hacker groups. “The fact that attacks are growing in India is a sign that organizations are paying,” he added.
Vishak Raman, director, security business, Cisco, India and SAARC, said paying a ransom might look like the easiest alternative, but it doesn’t guarantee that all data will be restored.
According to an October 2021 report by Gartner, on average, only 65% of the data is recovered and only 8% of organizations manage to recover all of their data. While 32% organizations paid additional ransom to get access to data, two out of every 10 companies surveyed never got back their entire data even after repeated payments.
The fact that organizations are paying more now has also emboldened the ransomware groups. “The willingness to pay creates a dangerous loop and increases the motivation of attackers,” warned Sundar Balasubramanian, managing director, India, and SAARC at Check Point Software Technologies.