Ransomware attack warning

by Mark Rowe

The police’s Report Fraud centre is urging people in the UK, especially small businesses, to protect themselves and their businesses from the active threat of ransomware attacks. Report Fraud says that 323 organisations reported a ransomware attack between April 2025 and March 2026. Of the reports received, more than half (175) were from small and medium-sized enterprises (SMEs).

Financial losses totalling around £270,000 were reported, a 50 per cent increase compared to the previous year. However, these figures are likely to be much higher, the police admit, as businesses often under-report financial losses, because admitting to ransom payments could be seen as supporting criminal activity or breaching compliance regulations.

What to do

Chief Superintendent Amanda Wolf, Head of Report Fraud Operations, said: “Ransomware remains a serious and evolving threat to organisations of all sizes across the UK. The most effective defence is preparation. We encourage businesses to be proactive – through regular data backups, strong access controls, keeping systems up to date, and following National Cyber Security Centre guidance. These can all significantly reduce the risk and impact of an attack. If a business is experiencing a ransomware attack, it should be reported immediately by calling Report Fraud on 0300 123 2040, where a dedicated team is available to provide support and guidance during an incident.”

The UK Official National Cyber Security Centre (NCSC) and UK law enforcement do not encourage, endorse or condone the payment of ransom demands. The authorities point out there is no guarantee that access can be regained to data held; and devices could still be infected. Visit: ncsc.gov.uk/ransomware.

Comment

Keven Knight, CEO of Talion, argues against organisations paying ransom demands. He says: “Based on the data from Report Fraud, it is clear many organisations are falling under attack but failing to report it out of fear of unwanted attention from customers and media, and because they clearly know they are going against government advice. It seems highly unlikely that only 323 organisations came under attack in the last year. The genuine number is likely far higher, but these attacks are just not being reported.
“Organisations must understand that paying a demand rarely achieves the goal they are after. Many organisations believe paying a demand provides the fastest route to recovery and normal service, but this is not the case. Firstly, attackers will rarely return data in full, while secondly, it can often be returned in a format that completely differs from its original form. This means organisations still have a lot of work to decrypt the data, understand what is missing and rebuild systems. This is a massive job and it’s rarely something that can be done quickly.
“Furthermore, decryption keys don’t always work, which means organisations can pay a demand, but they still can’t rebuild their data. Research has also shown that attackers will regularly still keep data they claim to delete, which means organisations are still at risk of it winding up on the dark web, even after they have paid. Given all of these issues, paying is clearly a gamble and it can often amplify costs rather than reduce them.
“Organisations must be aware of this and focus on preventative steps to improve their defences against attacks. Paying under the radar is not the solution, it only fuels the ransomware industry and benefits attackers.”