Sophos has published a new State of Enterprise Security Report that provides insight into the main threats faced by organizations around the world.
The report was based on a survey of 2,700 IT managers in 10 countries (USA, UK, Canada, France, Germany, India, South Africa, Japan, Mexico, and Australia).
One of the key points from the report is the extent to which Indian businesses are being attacked and just how vulnerable Indian companies are to malware and ransomware attacks. The report reveals more than two-thirds of Indian companies have experienced a ransomware attack – substantially more than businesses based in other countries. Further, rather than shoring up defenses to protect against future attacks, many Indian businesses have remained vulnerable. One-third of businesses in India have experienced two or more ransomware attacks in the past year.
The cost of mitigating ransomware attacks is considerable. The Sophos report indicates three percent of companies have spent more than $13.74 million mitigating ransomware attacks, with Indian companies having spent the most – $1.17 million.
Sophos notes that the global average for infected devices is 46.09%, although in India it is 54%. Attacks are also being targeted at specific industry sectors, with healthcare the most targeted and most vulnerable sector. 76% of attacks were conducted on healthcare organizations.
So why is India so vulnerable to ransomware attacks? According to the survey, it is not due to running out-of-date software. Most Indian businesses claimed they keep their software and operating systems fully patched and up to date. Sophos suggests that the high prevalence of ransomware attacks is due to 70% of Indian businesses failing to use anti-exploit technology.
Ransomware attacks have become far more sophisticated over the past year, with threat actors now using multiple ransomware variants and attack methods simultaneously to maximize the probability of success. Sophos reports that campaigns have been identified that involve four different ransomware families. Cybersecurity solutions need to detect all four variants, although in many cases, one slips past security defenses.
Threat actors are also not relying on spam email alone to install malicious software. In addition to using multiple malware variants, multiple attack methods are used, such as exploiting RDP, using spam email, and conducting web-based attacks. The use of multiple malware variants and attack methods maximizes the probability of threat actors discovering at least one loophole in security defenses.
Sophos also notes that the increase in BYOD adoption, use of the cloud, and proliferation of IoT devices have broadened the attack surface considerably, which makes it easier for cybercriminals to attack and harder for companies to defend against attacks.