UK Ransomware Attacks Hit Over 300 Firms in a Year

Summary
– UK organizations faced over 26 successful ransomware attacks per month last year, with over half of the 323 reported cases involving small and mid-sized companies.
– Average financial losses from ransomware incidents rose 50% year-on-year to about £270,000, though this figure is likely an underestimate due to underreporting.
– Manufacturing was the most affected sector with 42 reports, followed by scientific/technical (21) and education (19).
– Chief Superintendent Amanda Wolf urged businesses to use regular backups, strong access controls, and NCSC guidance as key defenses.
– Experts believe real ransomware numbers are higher, with Talion’s CEO advising against paying ransoms due to unreliable data recovery and decryption issues.

Over 300 UK organizations fell victim to successful ransomware attacks in the past year, averaging more than 26 incidents per month, according to fresh figures from Report Fraud. The data, compiled by the City of London Police, reveals that small and mid-sized enterprises (SMEs) bore the brunt of the threat, accounting for over half of the 323 corporate reports filed between April 2025 and March 2026.
Financial damage from these breaches surged 50% year-on-year, with average losses climbing to approximately £270,000 ($357,000). However, authorities acknowledged this figure is likely conservative, as many companies underreport the true cost of recovery and disruption.
Among victims that disclosed their sector, manufacturing led the tally with 42 reports, followed by the scientific and technical sector (21) and education (19). Chief Superintendent Amanda Wolf, head of Report Fraud operations, stressed that proactive defense remains the most effective strategy. “We encourage businesses to be proactive – through regular data backups, strong access controls, keeping systems up to date, and following National Cyber Security Centre guidance,” she said. “These can all significantly reduce the risk and impact of an attack.”
The past year proved especially damaging for UK enterprises, with high-profile breaches hitting Marks & Spencer, Co-op Group, and Jaguar Land Rover, collectively costing the national economy billions. In the most recent case, Russian hackers have been blamed for the Jaguar Land Rover incident, with experts suggesting the attack may have prioritized sabotage over financial gain.
Despite the severity of these incidents, reporting remains inconsistent. Security experts believe the true number of ransomware breaches is likely far higher than official figures suggest. Talion CEO Kevin Knight urged corporate victims to resist paying ransoms. “Attackers will rarely return data in full, and it can often be returned in a format that completely differs from its original form,” he explained. “This means organizations still have a lot of work to decrypt the data, understand what is missing and rebuild systems. This is a massive job and it’s rarely something that can be done quickly.”
He added that decryption keys frequently fail, leaving organizations out of pocket and still unable to recover their data. Knight echoed Wolf’s call for a prevention-first approach, emphasizing that resilience, not ransom payments, is the key to long-term security.
The UK government continues to deliberate on mandatory ransomware reporting and a potential ban on payments for public sector bodies and critical national infrastructure (CNI) providers. Until such measures are enacted, the full scale of the threat will remain obscured, according to Timon Johnson, principal Cyber Essentials assessor at Closed Door. “A legal framework which incentivized accurate and open reporting around ransomware might help to highlight the seriousness of the problem and encourage more organizations to prioritize prevention,” he said. “But until then, we’ll continue to see reticence and omission.”
(Source: Infosecurity Magazine)


