What Is Ransomware? A Guide for UK Businesses
Ransomware is malicious software that encrypts your files and demands payment for the decryption key. It is the most financially damaging cyber threat facing UK businesses, with attacks increasing in frequency and sophistication year on year.
Direct Answer
Ransomware is a type of malware that encrypts a victim's files, rendering them inaccessible, and demands a ransom payment (usually in cryptocurrency) in exchange for the decryption key. Modern ransomware often includes 'double extortion' — attackers also steal data before encrypting it, threatening to publish sensitive information if the ransom is not paid. For UK businesses, prevention through layered security controls is far more effective and less costly than responding to an active ransomware incident. Ransomware among UK businesses more than doubled from less than 0.5% to 1% — approximately 19,000 businesses affected. 70% of UK ransomware attacks resulted in data being encrypted — up from 46% in 2024.
How to Protect Your Business from Ransomware
Effective ransomware protection requires multiple layers working together.
Email Security
Phishing emails are the most common delivery mechanism for ransomware. Advanced email filtering and DMARC/SPF/DKIM authentication reduce the risk significantly.
Endpoint Detection (EDR)
EDR monitors device behaviour in real time, catching ransomware before it can encrypt files — even if the malware is brand new and unknown to signature-based tools.
Tested Backups
Immutable, air-gapped backups that are regularly tested are your last line of defence. If ransomware gets through, backups let you recover without paying.
Staff Awareness
Training staff to recognise phishing emails and suspicious links reduces the likelihood of ransomware gaining initial access.
Patch Management
Keeping software and operating systems updated closes the vulnerabilities that ransomware exploits to spread across networks.
24/7 Monitoring
Security Operations Centre monitoring detects ransomware activity in its early stages — before encryption begins — enabling rapid containment.
Ransomware Response: Pay vs Recover vs Prevent
The cost and outcome of different approaches to ransomware.
| Feature | Pay Ransom£50K–£500K+ | Recover (No Backup)£20K–£200K+ | Prevent (Managed)£15–£25/user/moRecommended |
|---|---|---|---|
| Data recovered | Maybe (no guarantee) | Partial | N/A (attack prevented) |
| Downtime | Days to weeks | Days to weeks | Minimal |
| Legal/regulatory risk | High | High | Low |
| Reputational damage | Significant | Significant | None |
| Funds future attacks |
Ransom amounts and recovery costs vary significantly based on business size and attack severity.
Frequently Asked Questions
UK law enforcement and the NCSC advise against paying ransoms. Payment does not guarantee data recovery, funds criminal organisations, and marks your business as a willing payer for future attacks. Instead, focus on restoring from tested backups and engaging incident response specialists. With 19,000 UK businesses hit by ransomware in 2025 (Sophos), having a tested recovery plan is far more reliable than relying on attacker cooperation.
The most common entry points are phishing emails containing malicious attachments or links, exposed Remote Desktop Protocol (RDP) services, and exploitation of unpatched software vulnerabilities. With 85% of businesses that experienced a breach identifying phishing as the attack vector (DSIT 2025), email security and staff awareness training are your most important preventive controls against ransomware infection.
Tested, immutable backups stored separately from your production network are the primary recovery mechanism after a ransomware attack. Without them, businesses face paying the ransom or permanently losing data. Critically, backups must be tested regularly — untested backups frequently fail during actual recovery. The average cost of the most disruptive breach is £3,550 (DSIT 2025), but organisations with verified backups recover significantly faster and at lower cost.
Protect Your Business from Ransomware
A free security assessment identifies your ransomware risk and recommends practical improvements.
Protect your business → Get Cybersecurity Assessment