Insights
Training
On-demand
INSIGHTS
All Topics
You are viewing 1 of your 2 free articles
Ransomware Guidance for Charities
28 Feb 2020by Cub Llewelyn Davies
The NCSC offers charity guidance for what to do in the event of a ransomware attack.
Cub Llewelyn-Davies - Charity Sector Lead from the National Cyber Security Centre, provides guidance for charities facing ransomware attacks.
Earlier this month, NCSC took part in our first podcast with Charity Digital, joined by the brilliant Michala Liavaag from Marie Curie. In it, we were asked to reflect on the state of cyber security in the charity sector throughout 2019 and what we think will be in store for 2020. We won’t give away all of our answers here, instead, you can listen to the podcast.
One area I’d like to give a little more attention to though is Ransomware. You don’t have to far to see a news story about an organisation in the grips of a ransomware attack, for example, Redcar and Cleveland Council have been battling the effects of an attack for almost 3 weeks.
Charities are not immune to cyber attacks and should absolutely be considering how resilient they are to ransomware.
Follow-up questions for CAI
How can charities implement effective offline backups against ransomware attacks?What immediate steps should charities take during an active ransomware infection?How does ransomware typically encrypt or lock charity data and systems?Why does the NCSC advise against paying ransomware demands to attackers?How can charities report ransomware incidents to appropriate authorities effectively?Related Articles
What is ransomware?
Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Normally, you’re then asked to make a payment by the attackers in order to unlock your computer or release your data.
What’s new?
The good news is that at the NCSC, we have just updated our ransomware guidance to ensure it remains current with the types of attacks we are seeing and how best to defend against them.
In the review, we have added a new element to the guidance by emphasising offline backups as a defence against ransomware. NCSC have seen a number of ransomware incidents lately where the victims had backed up their essential data (which is great), but all the backups were online at the time of the incident (not so great). It meant the backups were also encrypted and ransomed together with the rest of the victim’s data. Ultimately meaning that they had no clean backup from which to restore their data.
Should I pay the ransom?
We often get asked, “should I pay the ransom?” – The NCSC supports the National Crime Agency (NCA) recommendations who generally advise not to pay the ransom, as there is no guarantee that you will get access to your device (or data).
You are also encouraged to report cyber crime and fraud to Action Fraud.
Help! I am experiencing a ransomware attack now…
If your organisation is already infected, NCSC have produced a list of actions you should take as soon as possible.
09 Feb 2026by Laura Stanley
Why mobile device management mattersSponsored Article
09 Feb 2026by Josie Sparling
Cyber security trends to watch out for in 2026Sponsored Article
09 Feb 2026by Laura Stanley
What employment law updates mean for charitiesSponsored Article
Our Events
13 May 2026Online
Masterclass: An introduction to generative AI
Charity Digital Academy
Our courses aim, in just three hours, to enhance soft skills and hard skills, boost your knowledge of finance and artificial intelligence, and supercharge your digital capabilities. Check out some of the incredible options by clicking here.
© 2022 Charity Digital Trust. All rights reserved
