A guide to Ransomware

Ransomware is a type of malware which prevents you from accessing your device and the data stored on it, usually by encrypting your files. A criminal group will then demand a ransom in exchange for decryption.

How does ransomware work?


Attackers gain access to your network. They establish control and plant malicious encryption software.  They may also take copies of your data and threaten to leak it.


The malware is activated, locking devices and causing the data across the network to be encrypted, meaning you can no longer access it.

Ransom demand

Usually you will then receive an on-screen notification from the cyber criminal, explaining the ransom and how to make the payment to unlock your computer or regain access to your data. 

Payment is usually demanded via an anonymous web page and usually in a cryptocurrency, such as Bitcoin

It is important to try and establish how the attackers gained access to your network in the first place so you can prevent future ransomware attacks.

Should I pay the ransom?

Law enforcement does not encourage, endorse nor condone the payment of ransom demands. If you do pay the ransom:

  • there is no guarantee that you will get access to your data or computer
  • your computer will still be infected
  • you will be paying criminal groups
  • you're more likely to be targeted in future

For this reason, it is important that you always have a recent offline backup of your most important files and data.

Prevent and protect against ransomware

Attackers will likely threaten to publish data if payment is not made. To counter this, you should take measures to minimise the impact of data theft.

Take a look at NCSC’s guidance that will help prevent you or your organisation experiencing a ransomware or other kind of cyber attack, and ultimately protect the data that is important to you.

Mitigating malware and ransomware attacks

  • How to defend organisations against malware or ransomware attacks

Backing up your data

  • How to make sure you can recover your important photos, documents, and other personal data stored on your IT equipment.

Protecting bulk personal data

  • 15 good practice measures for the protection of bulk data held by digital services.

Further information can be found on NCSC's A guide to ransomware.

Cyber Insurance

Cyber security considerations for organisations thinking about taking out cyber insurance.

In a world where cyber threats are varied (and constantly changing), cyber insurance can help your organisation to get back on its feet, should something cyber-related go wrong. Managing cyber incidents (such as ransomware, data breaches) may require in-depth technical knowledge. As well as minimising business disruption and providing financial protection during an incident, cyber insurance may help with any legal and regulatory actions after an incident.

However, before considering any cyber insurance, you can help protect your organisation by ensuring you have fundamental cyber security safeguards in place, such as those certified by Cyber Essentials, or Cyber Essentials Plus.

Before making a decision on Cyber Insurance, read NCSC's Cyber Insurance Guidance.