Don’t pay the ransom: Warning to organisations to protect themselves from ransomware attacks as more than 320 businesses affected last year

Businesses are being warned about ransomware attacks and how to report them, as new figures reveal 323 companies were targeted last year, equating to more than 26 attacks each month.

Data from Report Fraud reveals that 323 organisations reported a ransomware attack between April 2025 and March 2026. Of the reports received, more than 50 per cent were from Small Medium Enterprises (SMEs) (175 reports).

Financial losses totalling around £270,000 were reported, a 50 per cent increase compared to previous year. However, these figures are likely to be much higher, as businesses often underreport financial losses, as admission of ransom payments could be seen as supporting criminal activity or breaching compliance regulations.

Ransomware remains one of the biggest threats to businesses and organisations across the UK. As part of a campaign launching today (29 June 2026), Report Fraud is urging everyone to protect themselves and their businesses from the active threat of ransomware attacks, especially SMEs. The campaign also highlights how important it is to report when an organisation is attacked by cyber criminals.

Analysis shows that reports made where the sector of the organisation was listed, the manufacturing industry (42 reports), scientific and technical sector (21 reports) and education sector (19 reports) have all been impacted.

How does it work?

A ransomware attack happens when cyber criminals, who are part of an organised crime group, find a vulnerability in a company’s network to gain access, then establish control and plant malware into the company’s encryption software. The malware planted is designed to prevent a person or business from accessing a device and the data stored on it.

Once the malware is activated, it locks devices and access to data across the company’s network and the cyber criminals behind the attack will then demand a ransom via an onscreen notification in exchange for a decryption key in order to release the files or data held. The cyber criminals will often use an untraceable payment method, likely using a cryptocurrency.

Chief Superintendent Amanda Wolf, Head of Report Fraud Operations, said:

“Ransomware remains a serious and evolving threat to organisations of all sizes across the UK.

“The most effective defence is preparation. We encourage businesses to be proactive - through regular data backups, strong access controls, keeping systems up to date, and following National Cyber Security Centre guidance. These can all significantly reduce the risk and impact of an attack.

“If a business is experiencing a ransomware attack, it should be reported immediately by calling Report Fraud on 0300 123 2040, where a dedicated team is available to provide support and guidance during an incident.”

What to do if you’re under a ransomware attack

• If you are a small or medium sized enterprise currently experiencing a ransomware attack, you should report it immediately by calling Report Fraud on 0300 123 2040. Report Fraud has a 24/7 phone line dedicated for businesses, charities or organisations who are under a cyber attack.
• Do not pay the ransom. The National Cyber Security Centre and UK law enforcement do not encourage, endorse or condone the payment of ransom demands. There is no guarantee that access can be regained to data held and devices could still be infected.

Take the right steps to ensure your organisation is protected against ransomware by looking at the advice and guidance from the National Cyber Security Centre: ncsc.gov.uk/ransomware.

Businesses and organisations can also ensure they are protected against the most common cyber threats using further resources from the National Cyber Security Centre:

• Cyber Action Toolkit: https://cybertoolkit.service.ncsc.gov.uk/
• Cyber Essential: https://www.ncsc.gov.uk/cyberessentials