Cybersecurity Guide
Ransomware attacks on Indian businesses increased by over 200% in recent years. A ransomware attack encrypts all your company files — customer data, financial records, emails — and demands payment (typically in Bitcoin) to decrypt them. Many Indian SMBs pay the ransom or lose their data entirely. This guide shows you how to prevent an attack and recover if one occurs.
Yes. Under CERT-In's April 2022 directions, all organisations in India must report cyber security incidents — including ransomware attacks — to CERT-In within 6 hours of discovery. Failure to report can result in penalties under the IT Act.
Generally, no. Paying ransom does not guarantee file recovery — many businesses pay and never receive working decryption keys. It also funds criminal organisations and makes your business a repeat target. The best approach is prevention and clean backups. If you have a verified clean backup, you can restore without paying.
A basic but effective protection stack for 20 employees: Sophos Endpoint (₹30,000-50,000/year for 20 devices), cloud backup to AWS S3 (₹2,000-5,000/month), basic firewall (₹15,000-30,000 one-time hardware + ₹5,000/year licence). Total: approximately ₹1-1.5 lakhs per year for solid protection.
Worried about ransomware hitting your business? National IT Service offers free cybersecurity assessments. We'll identify your vulnerabilities before attackers do.