New Delhi: Sophos, a cybersecurity solution, has released its sixth annual State of Ransomware 2025 report, offering crucial insights into how organisations in India and globally are dealing with the persistent threat of ransomware. The report, based on a survey of 3,400 IT and cybersecurity professionals across 17 countries—including 378 organisations in India affected by ransomware—reveals that 53% of Indian companies paid the ransom to regain access to their data. While this figure is still significant, it reflects a decline from 65% reported in 2024, suggesting growing awareness and improved readiness among Indian organisations.
The report highlights a notable shift in India’s ransomware payment dynamics. The median ransom demand dropped by 52%, from US$2 million to US$961,289, while the median payment plummeted by 79% to US$481,636. Despite the decline, 12% of companies paid more than the demand, highlighting the unpredictability of ransomware negotiations. In total, Indian businesses spent an average of US$1.01 million on recovery efforts, emphasizing the broader financial impact beyond just ransom payouts.
Sunil Sharma, Vice President – Sales (India and SAARC), Sophos, commented, “Ransomware continues to be a harsh reality for many Indian businesses. Even as awareness improves, organisations are still grappling with challenges like unpatched vulnerabilities, limited cybersecurity resources, or simply not having the right support in place when an attack strikes. The pressure on IT teams is immense, and often, paying the ransom feels like the only option to get operations back on track.”
He further added, “The positive shift we’re beginning to see is that more Indian organisations now understand the value of preparedness. At Sophos, we’re supporting this change by helping companies strengthen their defences through MDR, advanced endpoint protection, and real-time threat intelligence. The focus is steadily moving from reacting to incidents to building long-term cyber resilience, and that’s a change worth encouraging.”
Key India-Specific Insights from the 2025 Report:
- Common attack vectors included exploited vulnerabilities (29%), compromised credentials (22%), and malicious emails (21%).
- Operational gaps were cited as major contributors: 41% of organisations mentioned staffing or protection quality issues, and 39% lacked the necessary cybersecurity tools or services.
- Data theft persists: In attacks where data was encrypted, 31% of Indian organisations also experienced data theft.
- Ransom demands shift: 49% of ransom demands were for US$1 million or more, down from 62% the previous year.
- Team stress increases: 46% of respondents reported heightened stress or anxiety over future threats, and 42% noted increased pressure from leadership.
- Dual recovery strategies: While 53% paid the ransom, 51% also used data backups—indicating a layered approach to recovery.
Sophos recommends that businesses adopt the following best practices:
- Patch and eliminate known vulnerabilities; tools like Sophos Managed Risk help assess and mitigate risks.
- Defend all endpoints with anti-ransomware technologies.
- Prepare and test an incident response plan regularly.
- Ensure 24/7 threat detection via in-house teams or trusted MDR providers.
The survey was conducted between January and March 2025, and Sophos will release additional findings throughout the year.
