What is Ransomware? A Guide for UK Small Businesses
How ransomware works, how businesses get hit, what it costs, and the specific steps that prevent it.
What ransomware actually is
Ransomware is malicious software that encrypts your files — making them completely inaccessible — and then demands payment (usually in cryptocurrency) in exchange for the decryption key.
When it works, it works fast. A ransomware infection can encrypt every file on your computer — and every file on any network drive it can reach — in minutes. You open your computer one morning and everything is locked. Customer records. Financial documents. Everything.
How businesses get hit
Ransomware gets into businesses through a small number of well-understood routes:
Phishing emails
The most common route. A staff member clicks a link or opens an attachment in a convincing fake email. The malware installs silently and begins encrypting files.
Unpatched software
Attackers scan the internet for computers running software with known vulnerabilities. If your systems haven't been updated, they can be compromised without any human interaction.
Weak or stolen passwords
If an attacker gets hold of a password — through a previous breach, guessing, or phishing — they can log into your systems and install ransomware manually.
Remote Desktop Protocol (RDP)
Many businesses expose remote desktop access to the internet for convenience. Attackers scan for these and try to brute-force their way in.
What it costs
The ransom demand itself is often the smaller part of the cost. The real costs are:
- Downtime — typically days to weeks, sometimes longer
- Recovery costs — IT specialists, new hardware, data recovery
- Lost business — clients who go elsewhere during the outage
- Reputational damage — particularly if client data was involved
- Regulatory fines — if personal data was compromised
The average cost of a ransomware incident for a UK small business is estimated at over £8,000. For many businesses, particularly those without good backups, it's significantly more — or fatal.
How to prevent it
The good news is that ransomware is largely preventable with basic security controls. The five most effective things you can do:
Keep software updated
The majority of ransomware infections exploit known vulnerabilities in unpatched software. Enabling automatic updates closes these doors.
Use multi-factor authentication
Even if an attacker has your password, MFA prevents them from logging in. This is the single most effective control against account-based attacks.
Train staff to recognise phishing
Staff who can spot suspicious emails are your last line of defence. A brief regular reminder about what to look for makes a significant difference.
Maintain separate backups
A recent backup stored separately from your main systems means you can recover without paying the ransom. Cloud sync is not a backup — it needs to be a separate copy.
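To make the "sync is not a backup" point concrete, here is a small added Python simulation (not code from this guide or from Cyber Essentials) that runs entirely in a throwaway temporary folder with constructed sample files: a mirror-style sync faithfully copies the damage across, while an earlier dated snapshot is untouched.

```python
# Added simulation: mirror-style sync versus dated snapshot backups. Runs only
# in a temporary folder; names and contents are constructed sample values.
import shutil
import tempfile
from pathlib import Path

SAMPLE_RECORD = b"Acme Ltd,acme@example.com\n"
UNREADABLE = b"\x00UNREADABLE\x00"

def mirror_sync(live: Path, mirror: Path) -> None:
    """Behaves like a sync client: the mirror is made identical to the live
    folder, so any change, including malicious encryption, is copied across."""
    if mirror.exists():
        shutil.rmtree(mirror)
    shutil.copytree(live, mirror)

def snapshot_backup(live: Path, backup_root: Path, label: str) -> Path:
    """Copies the live folder into a NEW dated folder. Earlier snapshots are
    never touched, so a bad change cannot overwrite a good copy."""
    dest = backup_root / label
    shutil.copytree(live, dest)
    return dest

def simulate_damage(live: Path) -> None:
    """Stand-in for ransomware: every live file is overwritten with junk."""
    for f in live.iterdir():
        if f.is_file():
            f.write_bytes(UNREADABLE)

def run_demo() -> dict:
    """Returns what each copy holds after the damage, keyed by copy type."""
    root = Path(tempfile.mkdtemp())
    live, mirror, backups = root / "live", root / "mirror", root / "backups"
    live.mkdir()
    backups.mkdir()
    (live / "customers.csv").write_bytes(SAMPLE_RECORD)
    mirror_sync(live, mirror)
    day1 = snapshot_backup(live, backups, "2024-01-01")  # taken before the incident
    simulate_damage(live)
    mirror_sync(live, mirror)                            # sync propagates the damage
    day2 = snapshot_backup(live, backups, "2024-01-02")  # today's snapshot is bad too
    result = {
        "mirror": (mirror / "customers.csv").read_bytes(),
        "latest_snapshot": (day2 / "customers.csv").read_bytes(),
        "earlier_snapshot": (day1 / "customers.csv").read_bytes(),
    }
    shutil.rmtree(root)
    return result
```

The earlier snapshot only helps if it is stored somewhere the infected machine cannot write to, which is the "separate" part of the advice, and if you have actually tested restoring from it.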
Limit admin access
Ransomware spreads to everything it can reach. Limiting which accounts have admin access limits how far it can spread if one account is compromised.
All five of these controls are covered in the Cyber Essentials framework. Our 10-minute assessment will tell you which of these your business currently has in place and where your gaps are.
Find out where your business stands
Complete our 10-minute plain-English assessment and get a professional security report aligned to Cyber Essentials.
Start Your Free Assessment → £49 for the full report · No account required