View All Articles 48 - Don’t pay the ransom: Warning to organisations to protect themselves from ransomware

Don’t pay the ransom: Warning to organisations to protect themselves from ransomware

29th of June, 2026

Don’t pay the ransom: Warning to organisations to protect themselves from ransomware

Businesses are being warned about ransomware attacks and how to report them, as new figures reveal 323 companies were targeted last year, equating to more than 26 attacks each month. 

Data from Report Fraud reveals that 323 organisations reported a ransomware attack between April 2025 and March 2026. Of the reports received, more than 50 per cent were from Small Medium Enterprises (SMEs) (175 reports). 

  

Ransomware remains one of the biggest threats to businesses and organisations across the UK. As part of a campaign launching today (29 June 2026), Report Fraud is urging everyone to protect themselves and their businesses from the active threat of ransomware attacks, especially SMEs. The campaign also highlights how important it is to report when an organisation is attacked by cyber criminals. 

Analysis shows that reports made where the sector of the organisation was listed, the manufacturing industry (42 reports), scientific and technical sector (21 reports) and education sector (19 reports) have all been impacted.

How does it work?

A ransomware attack happens when cyber criminals, who are part of an organised crime group, find a vulnerability in a company’s network to gain access, then establish control and plant malware into the company’s encryption software. The malware planted is designed to prevent a person or business from accessing a device and the data stored on it. 

Once the malware is activated, it locks devices and access to data across the company’s network and the cyber criminals behind the attack will then demand a ransom via an onscreen notification in exchange to decrypt the files or data held. The cyber criminals will often use an untraceable payment method, likely using a cryptocurrency.

What to do if you’re under a ransomware attack

If you are a small or medium sized enterprise currently experiencing a ransomware attack, you should report it immediately by calling Report Fraud on 0300 123 2040. Report Fraud has a 24/7 phone line dedicated for businesses, charities or organisations who are under a cyber attack.  Do not pay the ransom. The National Cyber Security Centre and UK law enforcement do not encourage, endorse or condone the payment of ransom demands. There is no guarantee that access can be regained to data held and devices could still be infected.

Take the right steps to ensure your organisation is protected against ransomware by looking at the advice and guidance from the National Cyber Security Centre: ncsc.gov.uk/ransomware. 

Businesses and organisations can also ensure they are protected against the most common cyber threats using further resources from the National Cyber Security Centre:

Cyber Action Toolkit: https://cybertoolkit.service.ncsc.gov.uk/ Cyber Essential: https://www.ncsc.gov.uk/cyberessentials

Do you want to support Report Fraud Ransomware campaign? Download the assets here: www.reportfraud.police.uk/content-hub. If you have issues accessing the assets, please copy and paste the URL into an incognito browser window.