👾 Ransomware is the most acute cyber threat for most businesses in the UK and the impact of an attack can have far reaching effects in an organisation.
The Government has proposed banning public sector and critical infrastructure organisations from making ransomware payments.
There is also a proposal for the creation of a mandatory reporting regime for ransomware incidents. This is intended to boost available intelligence on ransomware attacks for law enforcement agencies.
The main objectives of the proposed legislation are:
🛡️ to reduce the amount of money flowing to ransomware criminals from the UK.
🛡️to increase the ability of operational agencies to disrupt and investigate ransomware actors by increasing the UK's intelligence around the ransomware payment landscape.
🛡️ to enhance the government's understanding of the threats in this area to inform future interventions, including through cooperation at international level.
The service will help increase the National Crime Agency (NCA)'s awareness of live attacks and criminal ransom demands.
Further information about the consultation can be found 👉Ransomware: proposals to increase incident reporting and reduce payments to criminals
The NCSC published a report at the end of 2024 stating that cyberattacks are becoming more frequent and severe. The NCSC report can be viewed👉NCSC Risk Facing UK Widely Underestimated. Richard Horne, CEO NCSC stated:
“There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cyber criminals. The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve."
Knowledge Bank Support & Guidance If you're worried about your cyber resilience and you are a school or college, consider how the DfE Digital Standards can help with this. Start by assigning your SLT Digital Lead and reviewing the Digital Leadership & Governance Standards. Small businesses can also view our Cyber Security Best Practice Area.
🚫 Generally speaking, victims are always advised not to pay ransoms as there is never a guarantee that a decryption code will be received or that the data will be received even if it is decrypted.
🔍 Remember that by reporting an incident, however small it may seem, might just be the last piece of the puzzle that's needed for gathering evidence against a threat actor. Do you know how to report cyber incidents?
What to do in the event of a Cyber Attack
Tell someone! Report to IT. Report to SLT.Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off. Isolate the infected device and pass to IT
If you are a victim of a ransomware attack we would recommend reporting this to:
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss or your local police and ask for the cyber crime team or phone 101 and ask for the cyber crime team.
Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email
These incidents should also be reported to the DfE sector cyber team at
Academy trusts have to report these attacks to ESFA.
Where the incident causes long term school closure, the closure of more than 1 school or serious financial damage, you should also inform the National Cyber Security Centre.
Always ensure there are backups you can restore from. Preserving evidence is as important as recovering from the crime.
Forward suspicious emails to