New Delhi Indian firms are facing an increasing number of ransomware attacks in 2021, as cybercriminals try to compromise their infrastructure to crack larger companies.
According to a survey by US security firm CrowdStrike and market research firm Vanson Bourne, nearly half (49%) of organizations in India faced multiple ransomware attacks, while 76% were affected by at least one ransomware attack in the past 12 months . This is more than any other country, the December 7 report said.
Several Indian companies also acceded to the attackers’ demands for extortion to escape the attack. The report found that 27% of Indian companies had paid extortion fees ranging from $500,000 to $1 million. India accounted for the highest average extortion fee payments ($1.128 million) on top of the ransom. The report said that the average ransom amount paid by Indian companies was $2.92 million, while 26% of Indian companies also paid ransoms of $5 million to $10 million.
“Cyber attacks are on the rise globally and we are seeing a similar trend in India,” said Mark Gaudi, CrowdStrike’s Director of Apeejay Services.
India has seen a huge increase in the adoption of IT and digital technologies in response to the disruption caused by the COVID-19 pandemic and the shift to remote and hybrid work models.
Last week, global research firm Gartner also predicted that Indian companies would spend over $100 billion on IT infra. Security researchers have said the shift to remote and hybrid work has expanded the “attack surface” and made Indian companies easier targets for ransomware attacks. The attack surface is the total number of points of entry for a hacker.
Gaudi said Covid has created a fertile ground for threat actors to capitalize on security vulnerabilities, but attacks continue to rise even after the pandemic’s second year. “Most of this is the threat to the actors developing their strategies, techniques and processes, but also that organizations still rely on legacy security solutions that are not fit for purpose,” he said.
He warned that Indian organizations have limited access to threat intelligence, which is exacerbating the problem. He added that investing in threat intelligence and threat hunting services can help mitigate the risks. Threat Intelligence is the information that an organization needs to have in advance of a cyber attack, whereas Threat Hunting is the process of actively looking for bugs and other pain points in IT Infra.
On the bright side, Indian companies seem to be prepared to tackle ransomware attacks in the future. CrowdStrike’s report shows that 60% of companies have a comprehensive strategy in place to coordinate response, while 72% said they trust their IT security, which is also among the highest globally.
Never miss a story! Stay connected and informed with Mint.
download
Our App Now!!
,