top of page

Membership is FREE so join today to receive your welcome pack and access to all of our cyber security advice and resources.

Want to improve your cyber resilience?

To pay or not to pay, that is the question: things to consider if you are a victim of a ransomware attack

Florists laptop showing locked screen requesting a password. Florist has been subjected to a ransomware attack

What is ransomware?

Ransomware is a major digital threat facing our community. Ransomware is a cyber attack where a criminal gets their software onto your device or network which then encrypts all of your data and locks you out of your devices. This renders you without access to your devices, without access to your data, and critically, it releases your data to an unknown third party. The criminals then claim to have the decryption key which can release your devices and data but they will only provide this if payment is made... hence the name ransomware.

Realising that you are the victim of a ransomware attack is a stressful situation for any organisation, but before you rush to the bank, there are a few things to consider...

Top Tips

  1. Assess the impact of the attack on your business.

    1. How can your business adapt to be able to operate while the attack is ongoing?

    2. What data has been compromised?

    3. Consider legal advice. Do you need to disclose the data leak to the Information Commissioners Office (ICO)? .

    4. What is the financial impact of not paying? Consider business disruption, security improvements, staff overtime, legal expenses, penalties.

    5. How are your staff affected? Stressful situations can affect your staff's mental health, and ensure welfare is continually considered throughout recovery.

  2. Be aware that paying does not guarantee access to your devices or data

    1. Remember that you are dealing with criminals, there is no guarantee that they will hold their end of the bargain.

    2. If they do supply a decryption key, it can take a long time to get the system back in order.

    3. Reverting to a previous backup may end up being more efficient.

    4. Paying criminals does not count as risk mitigation and the ICO does not consider this to reduce any penalty due.

  3. Report the incident to UK authorities.

    1. Use this link to find out which government organisation is best to report the incident to:

    2. Contact your local CRC (SWCRC) for support with signposting to NCSC advice and local trusted partners who can help you.

What can I do to prevent a ransomware attack?

  1. If you haven't already, action the SWCRC's cyber resilience beginner level guidance (Join Our Community)

  2. Get Cyber Essentials (CE) certification. Consider Cyber Essentials Plus (CE+) which requires a physical audit of your cyber resilience.

  3. Check to see if your supply chain is CE or CE+ certified. Consider changing suppliers or recommending CE to them.

The NCSC have a full list of considerations which you can see here:


bottom of page