top of page

Is the Charity Sector Vulnerable to Ransomware Attacks?

One of the biggest assumptions made by charities around cybercrime is that they won’t be affected as they don’t have anything of value to hackers and scammers.

hands holding a knitted heart and a clock

However, the alarming reality is that over a third of charities in our region have experienced a cyber-attack during the course of the pandemic. Here we will look to explore what charities should have in place to reduce the likelihood of falling victim to an attack.

Why are charities a target for scammers and hackers?

You might wonder why scammers and hackers target charities, considering that these organizations aren't usually swimming in cash. However, what makes charities attractive to these cybercriminals is the treasure trove of personal records and sensitive data they hold. If such information were to be exposed, it could seriously tarnish the charity's reputation and make it difficult for them to raise funds for their important causes in the future.

Adding to the appeal, almost half of all charities have weak or no cybersecurity measures in place. This makes them easy targets for hackers. Charities rely on public trust, with people believing that their donations will go towards making a positive impact. If that trust is shattered, it can have a devastating impact on the future operations of the affected charities.

So, what is ransomware?

It is a piece of software that gains access to your network – usually through a phishing attack – and once installed it will either, steal, delete or encrypt data. The attack is commonly followed by a request for money to get your data back or to decrypt it in place within your network. Don’t pay and the data will be published – causing huge reputational damage, or it will be lost forever – impacting on the charities ability to function.

And let’s be very clear about this. The underlying reason for ransomware attacks happening at all is so criminals can make money – they don’t care whether paying the ransom will prevent that organisation from funding a piece of life-saving equipment at the local hospital. They just want your money.

Imagine how this could affect your business – sensitive financial data relating to your customers, suppliers or even your own company, commercially sensitive data relating to staff, the operating of your business or contacts with others - these could all be compromised or lost.

The reality is that ransomware is now viewed as a business model and many entities behind these attacks will present themselves as being on the same side as the victim. So, in return for the payment your business will often be supported through a process which will return the data that has been encrypted / stolen. It is worthy of note that paying the ransom does not guarantee the return of the data and certainly does not guarantee that it won’t be sold on or published at some point in the future. Also, your network will still be infected, and you are more likely to be targeted again in the future.

Can you protect yourself from these attacks?

Ransomware is always preceded by an attack on the network itself, commonly through use of stolen credentials, a phishing e-mail or brute force attack. These attacks are increasing in complexity and sophistication meaning that defence against these dark arts needs continual review. But the key points for protection to remember are:

  • Make your network resilient and practice good cyber hygiene using Cyber Essentials (CE) principles. As a member of the ECRC we will guide you through the process of preparing for Cyber Essentials as part of our Little Steps Program. Once completed we will refer you to one of our partners to complete the certification process. And successful accreditation brings with it £25000 worth of Cyber Insurance.

  • Make sure Staff Awareness Training is up to date – spotting a phishing e-mail early will prevent a lot of pain further on down the line. Have a look at our affordable Staff Awareness Packages that are available – high quality and provided by highly trained undergraduate students.

  • Make sure all staff know the symptoms of an ongoing ransomware attack and respond quickly to it using a prepared incident response plan. You can download a template from our site.

  • Identify common points of failure across the network – patch vulnerabilities and restrict access from malicious sites and IP addresses – speak with your MSPs about this and don’t assume that it will be done automatically. The important thing here is to understand where your main vulnerabilities are, then deal with them first.

What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.

Here at the centre, we would recommend that you consider:

  • Joining our community for free. You will be supported through implementing the changes you need to make to protect your organisation.

  • Consider how we can help your own supply chain and customers – it would be great if you could look at promoting the centre on our behalf and we have a referral program to say thank you. Why not take a look or contact us to find out more.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page