Kiran Shetty was dumbfounded. A middle-aged owner of a small family-run jewellery store in Mysore, Shetty found himself unable to access the files he used to run his business on. It was only when he received an email from an unknown source did he realise that his PC had been hacked. The mail didn’t claim responsibility for encrypting Shetty’s files. Instead, it purported to be from a vendor offering to help him access his files again as long as he paid $10,000 for a decryption solution.

Shetty had just been rudely introduced to the world of ransomware. Simply put, ransomware locks access to a victim’s data and holds it hostage in return for money.

In an increasingly digital world, where both work and play are moving online, it is natural to expect cyber-crimes to explode lock in step. While media stories on high-profile incidents like the Pegasus snooping saga sporadically draw attention to this murky world, most people and companies largely gloss over these threats… right until it hits them in the face.

But if you thought that these schemes targeted only small and easy victims like Kiran Shetty, you would be mistaken. From large consulting companies like Accenture to tech behemoths like Apple, no one is being spared. Venture capital firms and government agencies are equally vulnerable. So much so that multiple experts now believe that 2021 will be the year of ransomware year of ransomware BostonDigital Is 2021 the Year of Ransomware? Read more .

What’s more, India is poised to earn the dubious honour of topping the list of countries hit by ransomware. A recent global study by security firm SophosLabs put India at the top of the charts, with a whopping 68% of respondents reporting being hit by ransomware last year. Around 67% of Indian organisations admitted to paying a ransom to get their data back, double the global average of 32%.

Devil and the deep sea

Refusing to pay the ransom can have dire consequences. Victims can find their information leaked online or sold to competitors or nefarious agencies. But those who do pay might not be spared either—victims have no control over what the hackers can do with their data after payment is made.

The scary part is that both these reported numbers are almost certainly far lower than the actual numbers. Companies are loath to reveal details unless they are obliged to do so because they are public companies. That was the case case The Record EpsilonRed ransomware group hits one of India’s financial software powerhouses Read more with Nucleus Software Exports, a publicly-listed Indian company providing lending software to banks and retail stores.