
What Is Ransomware?
Ransomware is a type of malicious software that locks your files — or your entire computer — and demands payment to restore access. It has affected NHS hospitals, local councils, and millions of individuals worldwide. Understanding how it works is the first step to protecting yourself.
How Ransomware Gets In
Ransomware typically enters through one of these routes:
- A phishing email with a malicious attachment or link — clicking it downloads the ransomware silently
- An unpatched vulnerability in your operating system or browser — criminals exploit known weaknesses in outdated software
- Unsecured remote access — a common entry point for businesses using remote desktop tools with weak passwords
- An infected USB drive — less common but used in targeted attacks
- A compromised website that installs the ransomware without you clicking anything
What Happens During a Ransomware Attack
Once ransomware is on your device, it typically:
- Scans all your files silently
- Encrypts them — making every document, photo, and file unreadable
- Displays a ransom note demanding payment (often £500–£50,000 for individuals; significantly more for businesses)
- Sets a countdown timer to create pressure
Paying is not recommended. It funds criminal organisations, offers no guarantee your files will be returned, and may mark you as a willing target for future attacks.
Famous UK Ransomware Incidents
NHS WannaCry, 2017
80+ NHS trusts affected. Thousands of appointments cancelled. Estimated cost: £92 million.
Redcar and Cleveland Council, 2020
Council systems offline for three weeks. Cost: £10.4 million.
Hackney Council, 2020
Data of 280,000 residents put at risk. Recovery took months.
These are large organisations. Home users and small businesses are targeted too — typically with automated attacks that require no human effort from the criminal.
How to Protect Yourself
Ransomware is largely preventable with a few consistent habits:
For home users
- Keep your devices and all software updated — most ransomware exploits known, fixable vulnerabilities
- Back up important files to an external drive or cloud service, and keep the backup disconnected when you are not actively backing up
- Never open unexpected email attachments, even from people you know
- Use reputable antivirus software
For small businesses
- Train every team member to recognise phishing emails — the most common entry point
- Maintain offline, tested backups of all critical business data
- Use multi-factor authentication on all accounts, especially remote access tools
- Restrict which devices and users can install software
What to Do If You Are Hit
- Disconnect immediately — unplug from the internet and disconnect from any shared network to stop the ransomware spreading
- Do not pay the ransom — there is no guarantee of recovery, and it funds further attacks
- Report to Action Fraud — actionfraud.police.uk or 0300 123 2040
- Check nomoreransom.org — a free NCSC-endorsed resource with decryption tools for some ransomware strains
- Restore from backup if you have one — the single most effective recovery method
- Get professional help if the attack is serious — the NCSC lists certified incident response companies at ncsc.gov.uk
Frequently asked questions
Should I pay a ransomware demand?
No. The NCSC and Action Fraud both advise against payment. It provides no guarantee your files will be returned and directly funds criminal organisations. Focus on restoring from backups.
Can ransomware be removed without paying?
In some cases, yes. Security companies have released free decryption tools for certain ransomware strains. Check nomoreransom.org before considering any payment.
How do I protect my small business from ransomware?
The most important steps are: ensure all staff can recognise phishing emails, maintain offline backups that are tested regularly, keep all software updated, and use multi-factor authentication on all accounts.