Although a flaw in Windows was behind it, we don’t know yet how the global ransomware attack that caused chaos across the NHS in the UK was physically triggered. It may well be that it started the way most ransomware attacks do – with an unsuspecting member of staff clicking on an email or attachment which unleashes malware.

Research by one of our security partners, Trend Micro, reveals that almost half (44%) of UK businesses were infected by ransomware in the last two years – almost a third of those more than once – with two thirds of those affected admitting that, ultimately, they paid the ransom.

Critically, a third of those questioned also admitted they had no programme to educate staff about the threat from ransomware.

Fraudsters are continually finding new ways to target us with links and attachments containing new strains of the malware. So in this blog in our series on ransomware, we are going to look at what you can do to educate your staff and make them aware of the potential threat.

Be suspicious

For a ransomware attack to be successful the malware has to be downloaded onto a computer or mobile device. This involves a human being clicking on an email or an email attachment to open up access to the device and/or network. So the first thing you should do is encourage your employees to be suspicious about the emails they get and what attachments they open. The trouble is, many so-called phishing emails can seem very innocent. They are designed to trick the member of staff into doing something.

Phishing emails

The vast majority of phishing emails now contain encrypted ransomware. A phishing email is, by its very description, ‘fishing’ for something and trying to hook you into revealing information or perform an action that will give cyber criminals access to your files.

How to spot one

Although a phishing email is most likely to come from an address or a person you don’t know, the more sophisticated ones can appear to come from one of your contacts. But a close look at an email can reveal anomalies in spelling, grammar and layout that are often characteristic of phishing and ransomware.

Ransomware attackers often rely on the recipient not understanding how domain names work. So they might include a well-known tech name or a brand name but add an extension ie.

Other things to look out for include:


Hover your mouse over any links embedded in the email. If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent.


Check the spelling of the email. Most legitimate emails won’t be full of grammatical mistakes.


Who is the email addressed to? If it is to a generic Dear Customer or Dear Employee it is unlikely to be genuine.


If the email contains a warning ‘Attention Unauthorised Access’ or is saying you have won an unexpected prize ‘Congratulations You’ve Won £10,000’ it is unlikely to be genuine.

Send me the money

If it asks you to send money it is most likely to contain a threat.

And equally, sometimes you might just get a gut feeling that something is not quite right.

Don’t download it!

Ransomware can infect your organisation not just through the devices but also through the web servers you use. As a result members of staff should not download software that hasn’t been authorised.

Report suspicious activity

It is important to have a reporting procedure in place. If someone in your organisation spots something suspicious there should be a named person or a department email that they can report it to so that action can be taken quickly.


Regular training should be carried out to reinforce the messaging to all staff around not opening anything they are even slightly concerned about. Employees should be regularly updated on the types of threats that exist (ransomware evolves quickly) and reminded not to click on emails or attachments without double-checking they are genuine first. Your policies and processes should reflect your organisation’s attitude to risk.

And whenever a new person joins your organisation they should also undergo best practice training.

Educate, educate, educate

Even those companies that have taken the above steps cannot guarantee they will be immune to attack. This is because ransomware attacks are difficult to detect and what are called ‘zero day exploits’ – new malware that’s unknown to the security experts – pop up all the time. Also, there’s a chance that if you fell for it once, you might well fall for it again.

When it comes to ransomware it pays to be wary about every email you receive—if it looks even remotely suspicious, don’t open it!

If you’d like to find out more about how we can help, get in touch.