The Sophos report highlights that hackers used methods such as malicious emails, phishing and brute-force attacks to gain access. (Representational Image: Reuters/File)
A new survey by cyber security company Sophos has revealed that most of the ransomware cases in India are caused by cyber criminals exploiting existing vulnerabilities to fulfill their agenda.
Ransomware incidents have increased in the country, with 73 percent of Indian organizations saying they were victims of such attacks in 2022. Mumbai
Cyber security company Sophos released the latest report after conducting a survey between January and March, which covered 14 countries including India. The team received responses from 3,000 IT or cyber security leaders in mid-sized organizations, including 300 respondents in India.
“With nearly three-quarters of Indian organizations reporting that they have been victims of ransomware criminals, a lot of work needs to be done. The key to reducing this number is to find aggressively working to take less time to respond.”
Presenting the report on Wednesday, Sunil Sharma, managing director of sales (India and SAARC) at Sophos, said that according to the findings, Chennai, Bengaluru and Kolkata are facing the highest number of ransomware attacks followed by Delhi and Mumbai.
Sharma said there is no particular reason why Chennai, Bengaluru and Kolkata top the list. In most of the ransomware cases in India, cyber criminals exploited existing vulnerabilities to fulfill their agenda. In 35 percent of such cases, hackers attacked systems by exploiting vulnerabilities; And compromised certificates were found to be the root cause in 33 per cent cases.
“If an attacker finds some vulnerabilities in the infrastructure, they try to go through those holes to enter the organization,” Sharma said.
He said: “In another survey, it was found that people were using the same password which they got during registration and deployment. They didn’t even bother to change it.
The Sophos report also highlights that hackers used other methods such as malicious emails, phishing and brute-force attacks to gain access. Additionally, it also showed that in 77 percent of the companies that were attacked, hackers encrypted data while in 38 percent of cases, they stole data. While 44 percent of those with encrypted data in India paid the ransom, less than 50 percent of respondents whose organization paid the ransom shared the exact amount.
But in terms of data recovery, backup is the most common method and 73 percent of the respondents used this method. But 85 percent of private sector companies in India said they had suffered a loss of business or revenue because of the attack.
“Laws always drive governance, which is always positive in my opinion. So laws like the Digital India Act and the Digital Personal Data Protection Bill that are going to be introduced are going to hit organizations in the right way,” Sharma Talking about the impact of these laws on the Indian ecosystem, said.
The official further talked about the awareness in India about such digital threats. “Many people are aware of cyber security issues and what kind of security they should use for their devices. But considering the huge population of the country I believe there is a long way to go.’
