According to the State of Ransomware in India 2025 report, the median payout towards ransom was USD 481,636 (about Rs 4 crore), down 79 per cent from the previous year.
New Delhi: UK-based cybersecurity firm Sophos on Wednesday claimed that 53 per cent of Indian companies that faced ransomware attacks in 2024 paid the hackers to get their data back.
The findings are based on a survey commissioned by Sophos and conducted during January-March 2025. As many as 378 Indian IT and cybersecurity firms affected by a ransomware attack were part of the study.
However, the survey did not name any companies which fell prey to cyberattacks and paid the ransom for recovery of data.
“The median ransom demand fell by 52 per cent, from USD 2 million to USD 961,289, while the median payment dropped even more sharply by 79 per cent to USD 481,636,” the report said.
Even though companies are paying less ransom, they spend a lot of money fixing the damage caused by these attacks. On average, Indian companies spend about USD 1.01 million on recovery costs, excluding the ransom money, the report said.
The most common technical causes of ransomware attacks were exploited vulnerabilities (29 per cent), compromised credentials (22 per cent), and malicious emails (21 per cent).
Operational challenges such as lack of skilled personnel, poor-quality protection, and insufficient cybersecurity products were cited by around 40 per cent of respondents as contributing factors to ransomware victimization.