Numerous government departments and the technology sector are among the primary targets of recent ransomware attacks in India, significantly impacting health care, banking, manufacturing, and online commerce. According to a report released in July by Check Point, a global cybersecurity company, India experienced a 46% year-on-year increase in overall cyberattacks in the second quarter of 2024.
In early August, a ransomware attack on IT provider C-Edge Technologies forced 300 small Indian banks to shut down online payment systems for a day. This incident highlights the growing vulnerability of critical sectors to cyber threats. A major attack last year on the All India Institute of Medical Sciences in Delhi caused severe disruptions in health services.
Cybersecurity firm Sophos reported that the impact of ransomware attacks on Indian companies is intensifying, with ransom demands and recovery costs increasing annually. The average ransom demand now stands at $4.8 million, with 62% of demands exceeding $1 million. Alarmingly, 65% of companies affected by ransomware felt compelled to pay the ransom, with recovery costs averaging $1.35 million.
Experts warn that without stronger cybersecurity measures, the number of Indian companies facing such attacks will continue to rise. Milind Dewanji, director of Pace Computers, emphasized the need for serious IT policies and compliance with regulatory requirements. He noted that larger firms often prefer to pay ransoms to ensure business continuity, raising concerns about the overall financial infrastructure's vulnerabilities.
Vishal Vasu, CTO of Dev Information Technology, pointed out that cybercriminals are becoming more aggressive, capitalizing on both technological and behavioral weaknesses. He urged cooperative and rural banks to invest in robust cybersecurity measures, including comprehensive backup systems and employee training.
Attacks on Micro, Small & Medium Enterprises (MSMEs), which account for over 40% of India's total exports, are particularly alarming. Dewanji highlighted that many MSMEs adopt a casual approach to data backup, which increases their vulnerability. He called for government intervention to enhance awareness and skills regarding such cyber threats.
Cyber law expert Pawan Duggal noted that India is witnessing corporate ransomware fatigue, as many companies fail to report attacks due to compliance issues. He stressed the urgent need for a dedicated legal framework to address ransomware challenges in India, as the country falls behind in protecting its critical data assets.
Globally, ransomware is projected to cost victims around $265 billion annually by 2031, according to Cybersecurity Ventures. As perpetrators refine their methods, the threat continues to escalate, necessitating immediate and coordinated international responses.