India is the second most targeted country by ransomware in the Asia-Pacific and Japan region in 2022, up from the third spot in 2021, a new report said on Tuesday.

In 2022, Maharashtra was the most-targeted state with 36 percent of ransomware attacks, while New Delhi was at second, according to the Palo Alto Networks 2023 Unit 42 Ransomware and Extortion report.

The report, which is based on insights compiled from approximately 1,000 cases over the past 18 months, notes that ransomware demands continue to be a major issue for organisations. Unit 42 observed payments as high as $7 million, with a median demand of $650,000 and a median payment of $350,000. However, the report also highlights that effective negotiation can drive down actual payments

The report highlights that harassment is now involved 20 times more often than in 2021, with attackers using phone calls and emails to target specific individuals in the C-suite, customers, and other individuals. This strategy is often used to coerce organisations into paying ransom demands.

Also Read: Just 24% companies in India battle-ready for modern cybersecurity risks: CISCO Study

"Ransomware and extortion groups are forcing their victims into a pressure cooker, with the ultimate goal of increasing their chances of getting paid," said Wendi Whitmore, senior vice president and head of Unit 42 at Palo Alto Networks.

The report also notes that ransomware groups are attacking society's most vulnerable, with a particular spike in attacks on schools and hospitals. The report reveals that manufacturing was the most targeted industry in 2022, with 447 compromised organisations publicly exposed on leak sites.

The most active ransomware groups include Lockbit 2.0, BianLian, and Stormous.

The report also reveals that attackers are layering extortion techniques to apply greater pressure on organisations to pay the ransom. Some of these tactics include encryption, data theft, distributed denial of service (DDoS) and harassment. Data theft, which is often associated with dark web leak sites, was the most common of the extortion tactics, with 70 percent of groups using it by late 2022, a 30 percentage point increase from the year prior.

Also Read: 81 users lose Rs 1 crore in 16 days — Here's how fraudsters are conning people

Organisations based in the US were most severely publicly affected, with 42 percent of the observed leaks in 2022, followed by Germany and the UK, accounting for nearly five percent each.

The report also said that 30 organisations on the Forbes Global 2000 list were publicly impacted by extortion attempts in 2022.

Since 2019, at least 96 of these organisations have had confidential files publicly exposed to some degree as part of attempted extortion.

The report provides additional details on tactics used by threat actors, the most impacted industries and regions, and recommendations for organisations to protect themselves.

Also Read: Hitachi Energy Group hit by cyber-attack, says network operations not compromised