Sophos Report: 64% of Indian Enterprises Under Fire from Ransomware Assaults

Sophos Report: Discover the latest insights on ransomware trends in India with Sophos' newly released "State of Ransomware in India 2024" report.

Manisha Sharma
New Update


Sophos has recently published its annual "State of Ransomware in India 2024" report. This detailed analysis shows that ransomware attacks against Indian organisations have dropped dramatically from 73% to 64% in the previous year. Despite this decrease, the impact on victims has gotten worse, as shown by higher ransom demands and recovery costs when compared to previous years.


Based on a survey of 5,000 IT decision-makers in 14 countries, including 500 in India, conducted in January and February 2024, the report offers insight into the evolving ransomware landscape. For the first time, Indian companies are more inclined to rely on backups (52%), pay the ransom (65%), or both in order to recover data. The average ransom demand is $4.8 million, with 62% of demands exceeding $1 million. The median ransom payment is $2 million.

Key highlights from the India report include:

In attacks against Indian victims, 44% of the impacted computers were encrypted on average.

34% of attacks included encryption in addition to data theft, a small drop from the prior year.

The average amount spent recovering from an attack was $1.35 million, excluding ransom payments.

Up from 59% in 2022, 61% of victims were able to retrieve their data in less than a week.

96% of victims reported the attack to the police, and 70% of them got help with the investigation.


As the most economical means of avoiding ransomware, Sunil Sharma, Vice President of Sales for India and SAARC at Sophos, emphasised the significance of prevention. He emphasized the importance of robust defense-in-depth cybersecurity measures, including 24/7 monitoring, anti-ransomware software, and thorough backup and recovery procedures. To make an organization more resilient to ongoing attacks, security posture, and incident response plans must be reviewed on a regular basis.

The report's global findings provide further insights:

Of those who pay ransom, only 24% pay the full amount demanded, and 44% pay less than that.

Typically, a ransom payment covers 94% of the original amount demanded.

Eighty-two percent of ransom funding cases come from multiple sources, with insurance companies contributing 23 percent and organisations contributing 40 percent.

94% of ransomware-affected organisations reported that attempts were made to compromise their backups during the attack; in state and local government, this number rose to 99%.

Data theft also happened in 32% of incidents involving encrypted data, giving attackers more power to demand ransom.

John Shier, the field chief technology officer at Sophos, cautioned against complacency despite a slight decline in attack rates. He emphasised that ransomware attacks remain the primary threat, increasing expenses and bolstering the cybercrime economy. Ransomware groups are diverse and cater to a range of cybercriminals, Shier emphasized.

To strengthen defenses against ransomware and other cyber threats, Sophos recommends several best practices, such as comprehending risk profiles, putting endpoint protection in place like Sophos Intercept X, deploying round-the-clock threat detection, keeping incident response plans up to date, and routinely backing up data.