As many as 67% Indian businesses were hit by ransomware, a new survey report by UK market researcher Vanson Bourne has revealed. What’s more worrisome, 91% of them claimed to be running up-to-date endpoint protection when attacked. India had the highest level of infection among the 10 countries, followed by Mexico, U.S., and Canada. The global average of attacked companies is 54%. This study, sponsored by British IT security company Sophos, surveyed 2,700 IT managers in organizations of size 100-5,000 users and recorded data for November 2017. Of the total respondents, 300 were from India.

The median cost of a ransomware attack is nearly US$133,000. The most common cost organizations experienced was between $13,000 and $70,000. This amount includes not only the ransom paid but also other financial impacts of the attacks—downtime, work hours, device cost, network cost etc.

The propensity to suffer a ransomware attack varies greatly by industry sector. Healthcare stands out with 76% of respondents falling victim in the last year. At the other end of the scale, financial services are the sector least likely to have suffered a breach, though even that industry felt the pressure with 45% of respondents attacked by ransomware.

Companies unaware

While almost all respondents agreed for the need of anti-exploit technology, over half of the organizations surveyed (54%) say they don’t have anti-exploit technology on the endpoint in place. Exploits are the techniques used to take advantage of vulnerabilities in software.

Once inside a system, cybercriminals use complex malware that can hide in memory or camouflage itself. In many cases, businesses do not know they’ve been breached until someone finds a large cache of stolen data on the Dark Web.

More than 9 in 10 attacked companies in India claimed to have endpoint protection, which shows the lack of understanding on ransomware and the need for specialised protection. Only 28% of Indian respondents could correctly define what an anti-exploit software meant. This also suggests that a significant proportion of organisations have a misplaced belief that they are protected from such attacks.

With ransomware threat escalating, organisations are turning to predictive prevention technologies such as deep learning and machine learning. India is the most optimistic about the new technologies.