Indian Firms Paying Over ₹4 Crore on Average in Ransomware Demands, Says Sophos Report

Despite a drop in overall ransom demands, Indian companies are still paying a median of over ₹4 crore (USD 481,636) to cybercriminals to regain access to their data, according to the latest State of Ransomware 2025 report from UK-based cybersecurity firm Sophos. The report paints a worrying picture of the financial toll cyber attacks continue to exact on Indian businesses. Even though the median ransom demand fell by 52%—from $2 million last year to around $ 961,000—companies are spending an average of over ₹8 crore (USD 1.01 million) on recovery costs per attack.

Many Still Paying Up Despite Falling Demands
More than half (53%) of Indian organisations surveyed admitted to paying a ransom to recover their data. That’s lower than last year’s 65%, but it still shows how frequently companies are forced to negotiate with attackers.
Interestingly, the outcomes of these negotiations varied widely:
 

Nearly half paid the full amount.

12% actually ended up paying more than what was first demanded.

How Attackers Are Breaking In

The Sophos report, which surveyed around 3,400 IT and cybersecurity leaders globally—including 378 in India who faced ransomware in the past year—highlighted how these attacks typically happen.
The most common technical root causes were:

Exploited vulnerabilities (29%)

Compromised credentials (22%)

On the organisational side, 41% of companies blamed staffing shortages or inadequate capacity for their vulnerability, while 39% admitted they lacked the necessary cybersecurity products or services.

High Demands Still Common

Even though the overall ransom demand has fallen, 49% of Indian companies reported demands of USD 1 million or more—down from 62% last year but still alarmingly high.

About 31% of Indian organisations said their data was stolen during attacks involving encryption—a slight improvement from 34% the previous year but still a major risk.

While companies are paying less on average in ransom, the cost of recovering from ransomware attacks remains painfully high. The report is a stark reminder that **investing in strong cybersecurity measures is no longer optional—but essential—for Indian businesses navigating a growing threat landscape.