Ransomware Protection

Ransomware encrypts your files and demands payment for the key. It can put a small business out of action for days or permanently. The good news: the same basic security measures that protect against most cyber threats also protect against ransomware.

How ransomware gets in

Ransomware doesn't usually arrive as an obviously suspicious file. Understanding the common routes in helps you block them.

  • Phishing emails with malicious attachments or links are the most common delivery method.
  • Remote Desktop Protocol (RDP) exposed to the internet is frequently targeted by automated attacks.
  • Outdated software with known vulnerabilities is exploited to install ransomware without any user interaction.
  • Compromised credentials — often bought on dark web markets — allow attackers to log in directly.
  • Malicious websites and drive-by downloads can install ransomware on vulnerable, unpatched browsers.

Core prevention measures

These are the same measures recommended by Cyber Essentials. Implementing them removes your exposure to the vast majority of ransomware attacks.

  • Keep all software patched and updated — most ransomware exploits vulnerabilities that have had patches available for months.
  • Use multi-factor authentication on all accounts, especially email, remote access, and cloud services.
  • Disable or restrict RDP if you don't need it — if you do, use a VPN and MFA to protect it.
  • Filter email at the gateway level to block malicious attachments before they reach staff.
  • Restrict which applications users can install — most ransomware relies on users running executable files.

The role of backups

A reliable, tested, offline backup is your most important protection against ransomware. If you can restore your data, you don't need to consider paying the ransom.

  • Maintain at least one backup that is not connected to your network — ransomware encrypts connected drives.
  • Test your backup restoration process before you need it.
  • Use backup software that maintains version history so you can restore files from before the ransomware encrypted them.
  • Cloud storage alone is not sufficient — if ransomware encrypts your files, the encrypted versions sync to the cloud.
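One way to test a restore, shown as an added example that is not part of the original page: record a SHA-256 manifest of your files when the backup is taken, then compare a trial restore against it. The function names, sample files and the ".locked" extension are all made up for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (taken at backup time)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a test restore with the manifest recorded when the backup was made."""
    restored = build_manifest(restored_root)
    missing = [rel for rel in manifest if rel not in restored]
    changed = [rel for rel in manifest if rel in restored and restored[rel] != manifest[rel]]
    unexpected = sorted(set(restored) - set(manifest))
    return {"ok": not (missing or changed), "missing": missing,
            "changed": changed, "unexpected": unexpected}

def demo():
    """Constructed sample data: one clean restore, one restore of already-encrypted versions."""
    files = {"accounts/ledger.csv": b"date,amount\n2024-01-01,100\n",
             "docs/contract.txt": b"Signed copy\n"}
    with tempfile.TemporaryDirectory() as tmp:
        src, good, bad = (Path(tmp) / n for n in ("source", "restore_good", "restore_bad"))
        for root in (src, good, bad):
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        manifest = build_manifest(src)
        # Simulate a backup version captured after encryption: one file renamed
        # with a made-up ".locked" extension, one overwritten with random bytes.
        (bad / "accounts/ledger.csv").unlink()
        (bad / "accounts/ledger.csv.locked").write_bytes(os.urandom(64))
        (bad / "docs/contract.txt").write_bytes(os.urandom(64))
        return verify_restore(manifest, good), verify_restore(manifest, bad)

if __name__ == "__main__":
    for label, report in zip(("clean restore", "encrypted restore"), demo()):
        print(label, report)
```

Keep the manifest with the offline backup rather than on the live network, so it cannot be altered along with the files it describes.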

Preparing your response

Knowing what to do before an incident happens means you can respond quickly and calmly rather than making poor decisions under pressure.

  • Identify who in your business makes decisions about security incidents — and who covers when they're unavailable.
  • Document your backup restoration procedure so anyone in the team can follow it.
  • Keep contact details for your IT support, cyber insurer, and legal adviser somewhere accessible offline.
  • Know your legal obligations — ransomware attacks that expose personal data may require reporting to the ICO within 72 hours.

If you are hit by ransomware

Acting quickly and systematically limits the damage. Do not pay the ransom without professional advice.

  • Isolate infected systems immediately — disconnect from the network to prevent spread.
  • Contact your IT support or a specialist incident response provider — don't attempt to clean the infection yourself.
  • Report to the NCSC and to Action Fraud (0300 123 2040).
  • Assess whether personal data has been exposed — if so, notify the ICO within 72 hours.
  • Do not pay the ransom without taking professional advice — payment funds criminal activity, doesn't guarantee recovery, and may be illegal in some jurisdictions.
