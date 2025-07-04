Nearly 53 per cent of Indian companies that were hit by ransomware attacks paid the ransom to get their data back, a new report has said.

“This year’s survey found that nearly 53 per cent of Indian companies paid the ransom to get their data back, which is a considerable drop from the 65 per cent reported last year,” cybersecurity company Sophos said in its annual “State of Ransomware in India 2025” report.

The report is a vendor-agnostic survey of 3,400 IT and cybersecurity leaders across 17 countries, including 378 organisations in India that were hit by ransomware in the last year.

“In India, ransomware payment dynamics shifted notably over the past year. The median ransom demand fell by 52 per cent, from USD 2 million to USD 961,289, while the median payment dropped even more sharply by 79 per cent to USD 481,636,” the report said.

Although 41 per cent of Indian organisations paid less than the original demand, nearly half paid the full amount, and 12 per cent paid even more, underscoring the unpredictable outcomes many face during ransomware incidents, it said.

“Beyond ransom payments, organisations also spent an average of USD 1.01 million on recovery, highlighting the broader financial toll of ransomware attacks,” the report said.

Exploited vulnerabilities were the most common technical root cause of ransomware attacks, used in 29 per cent of attacks. They are followed by compromised credentials, which were the start of 22 per cent of attacks. Malicious emails were used in 21 per cent of attacks.

