Numerous government departments and the technology sector are among the primary targets of recent ransomware attacks in India, with health care, banking, manufacturing, and online commerce also affected.
The most common type of cyberattack deploys encrypting ransomware, which encrypts a victim's data and demands a ransom for the decryption key.
According to a report released in July by Check Point, a global cybersecurity company, India saw a 46% year-on-year increase in overall cyberattacks in the second quarter of 2024.
In an incident from early August, 300 small Indian banks were forced to shut down online payment systems for a day due to a ransomware attack on IT provider C-Edge Technologies
In a major incident last year, hackers attacked the prestigious All India Institute of Medical Sciences in Delhi, causing server shutdowns and disrupting health services.
In 2019, the southern states of Telangana and Andhra Pradesh were targeted by a ransomware attack that disrupted power utility systems.
Another recent report by Sophos, a cybersecurity company, showed that the impact of such attacks on Indian companies has grown more severe, with ransom demands and recovery costs increasing year-on-year.
It also found that 65% of those hit by ransomware were inclined to pay the ransom to recover the data, with the average cost for data being $1.35 million (€ 1.21 million). The average ransom demand was $4.8 million, with 62 % of demands exceeding $1 million.
More data protection needed
Cyber experts and IT specialists told DW that the number of Indian companies facing such attacks will increase unless stronger cybersecurity measures are in place to protect sensitive information.
"Companies are not serious on their IT policies. Mere investment and migration to cloud services for internal policies are inadequate. Companies have been blatantly ignoring the compliance requirements and advisories being given by regulators," Milind Dewanji director of Pace computers, an IT hardware services company, told DW.
Dewanji added that the role of the Chief Information Officer (CIO) has become more vital, and that cyber threats need to be taken seriously on the managerial level.
"Data is being compromised at times by immature behavior on part of employees resulting in being an easy target," he said.
"The larger conglomerates and banks have disaster recovery capability and solutions in place, but still prefer to pay the amount asked … to ensure business continuity," Dewanji added.
Vishal Vasu, director and chief technology officer of Dev Information Technology, an IT services and solutions company, pointed out that cybercriminals are becoming more aggressive, exploiting technology and behavioral vulnerabilities.
The recent ransomware attack on C-Edge Technologies exemplified the severe impact these attacks can have on critical sectors.
"Such incidents raise significant concerns about the vulnerabilities within the financial infrastructure and the potential for widespread disruption if firms choose to pay ransoms rather than strengthening their cybersecurity measures," Vasu told DW.
"Cooperative and rural banks must prioritize investments in cybersecurity, including the implementation of comprehensive backup and recovery systems. They should also engage in regular employee training and awareness programs to foster a security culture," he added.
Small businesses vulnerable
Attacks on Micro, Small & Medium Enterprises (MSMEs), which are vital to the Indian economy, have been a particular cause for concern.
Given that MSMEs account for over 40% of India's total exports, many feel it is imperative to adopt proactive measures to mitigate the risk of ransomware attacks.
"MSME companies do not take [data] backup as a critical requirement and have a casual approach," said Dewanji.
"Here, the government must play a significant part in augmenting their skills to understand the nature of such attacks," he added.
Companies under-reporting ransomware attacks
Pawan Duggal, a cyber law expert, who has studied the issue closely, said India is beginning to see corporate ransomware fatigue as companies are falling behind on compliance.
"Most companies are not reporting ransomware attacks as part of their statutory duty to report cybersecurity breaches," Duggal told DW.
"As corporate [data] backup regimes fall behind for a variety of reasons, and as companies do not have much time, they are relying more on making payments for ransom," Duggal added.
The expert said India lacks a dedicated legal framework to deal with the challenges of ransomware.
"India needs to quickly come up with a dedicated new legal framework to deal with the challenges of ransomware. Data is the most precious commodity in today's data economy," added Duggal.
According to Cybersecurity Ventures, which provides research and reports on the costs of cybercrime, ransomware is a global threat that is set to cost victims around $265 billion annually by 2031.
It predicts, with every new attack ransomware, perpetrators progressively refine their malware payloads and related extortion activities.
