What Is Ransomware? A Guide for UK Businesses
Ransomware is malicious software that encrypts your files and demands payment for the decryption key. It is the most financially damaging cyber threat facing UK businesses, with attacks increasing in frequency and sophistication year on year.
Direct Answer
Ransomware is a type of malware that encrypts a victim's files, rendering them inaccessible, and demands a ransom payment (usually in cryptocurrency) in exchange for the decryption key. Modern ransomware often includes 'double extortion' — attackers also steal data before encrypting it, threatening to publish sensitive information if the ransom is not paid. For UK businesses, prevention through layered security controls is far more effective and less costly than responding to an active ransomware incident. Ransomware among UK businesses more than doubled from less than 0.5% to 1% — approximately 19,000 businesses affected. 70% of UK ransomware attacks resulted in data being encrypted — up from 46% in 2024.
How to Protect Your Business from Ransomware
Effective ransomware protection requires multiple layers working together.
Email Security
Phishing emails are the most common delivery mechanism for ransomware. Advanced email filtering and DMARC/SPF/DKIM authentication reduce the risk significantly.
Endpoint Detection (EDR)
EDR monitors device behaviour in real time, catching ransomware before it can encrypt files — even if the malware is brand new and unknown to signature-based tools.
Tested Backups
Immutable, air-gapped backups that are regularly tested are your last line of defence. If ransomware gets through, backups let you recover without paying.
Staff Awareness
Training staff to recognise phishing emails and suspicious links reduces the likelihood of ransomware gaining initial access.
Patch Management
Keeping software and operating systems updated closes the vulnerabilities that ransomware exploits to spread across networks.
24/7 Monitoring
Security Operations Centre monitoring detects ransomware activity in its early stages — before encryption begins — enabling rapid containment.
Ransomware Response: Pay vs Recover vs Prevent
The cost and outcome of different approaches to ransomware.
| Feature | Pay Ransom£50K–£500K+ | Recover (No Backup)£20K–£200K+ | Prevent (Managed)£15–£25/user/moRecommended |
|---|---|---|---|
| Data recovered | Maybe (no guarantee) | Partial | N/A (attack prevented) |
| Downtime | Days to weeks | Days to weeks | Minimal |
| Legal/regulatory risk | High | High | Low |
| Reputational damage | Significant | Significant | None |
| Funds future attacks |
Ransom amounts and recovery costs vary significantly based on business size and attack severity.
Frequently Asked Questions
The first hour after detection is considered the golden hour that determines outcome severity. Organisations that detect breaches internally save an average of $900,000 in costs. Only 22% of UK businesses have a formal cybersecurity incident management plan in place.
Yes. 50% of small businesses (10-49 employees) reported a cybersecurity breach in 2025. UK small businesses face around 65,000 hack attempts daily, with approximately 4,500 successful breaches. More than a quarter of SMBs say a single cyber attack could put them out of business entirely.
The average cost of the most disruptive breach is £3,550 for UK businesses. For businesses that experienced negative outcomes such as data loss or financial theft, the average cost rises to £8,260. Medium and large businesses face average costs of £10,830 per disruptive incident.
BEC is a type of fraud where attackers impersonate executives or suppliers to trick employees into transferring funds or sharing sensitive data. BEC attacks increased 33% in 2025. The average loss per BEC incident is $137,000. Even organisations with fewer than 1,000 employees face a 70% weekly probability of a BEC attempt.
MFA requires two or more verification methods to access an account. Microsoft reports that over 99.9% of compromised accounts did not have MFA enabled. Only 40% of UK businesses have two-factor authentication enabled (DSIT 2025). MFA can prevent more than 99.9% of account compromise attempts.
Protect Your Business from Ransomware
A free security assessment identifies your ransomware risk and recommends practical improvements.