Are you prepared for a ransomware attack?
Would you know how to respond if your organisation were hit by a ransomware attack? According to Jonathan Benton, chief executive and founder of iSanctuary, many businesses, both small and large, are not nearly as prepared as they should be.
Jonathan Benton, a former senior detective with more than 27 years’ experience, including as a hostage and crisis negotiator, now leads iSanctuary, a UK-based firm that conducts technology-enabled cross-border investigations, tracks hidden assets, and specialises in crisis management. Drawing on his experience dealing with cybercriminal networks, terrorist organisations and state actors, in this article Jonathan underlines the urgent need for businesses to plan ahead.
THE SCALE OF THE THREAT
The financial and reputational cost of a ransomware attack is staggering. Marks & Spencer, a retail giant in the UK, for example, recently suffered an attack resulting in losses exceeding GBP300 million, almost an entire year’s operating profit. Yet large corporates are not the only targets. Smaller businesses are also at risk precisely because they are seen as less able to withstand or resist demands.
Attackers range from individuals operating from their bedrooms to state-backed operations and organised criminal networks. Identifying the nature of the threat is far from straightforward. If you don’t know what threat you face, you don’t know how to prepare for it.
HOW RANSOMWARE WORKS
While some attacks are triggered instantly through phishing emails or malicious downloads, others involve malware planted within systems, lying dormant until activated. Typically, the attack culminates in a demand sent from an anonymous source, threatening to release stolen data unless payment is made.
The decision-making process at this stage is complex and must involve more than just the CIO or CTO. It requires a whole C-Suite level response, given the legal, operational and reputational risks involved. Questions around business continuity, the scope of the breach, and communications strategy, both internal and external, all demand immediate attention.
LEGAL CONSIDERATIONS
A key issue for corporate counsel is whether, and how, to interact with the attackers. Our advice is to stall for time to understand who the attackers are, whether they are linked to sanctioned entities (they could be state-backed criminals) and, importantly, what legal implications may arise if payments are made. Immediate payment is rarely justified and should not happen.
Recent legal developments provide additional tools. Although this is unique to the UK, it is worth noting that English courts have begun granting super-injunctions enabling service providers to remove published data rapidly and preventing media reporting. This helps cut off the publicity attackers seek to increase pressure on victims. The hackers want to create an environment of fear and panic; this can be mitigated, particularly through thorough preparation.
Payment, if it is considered at all, carries significant challenges. Criminals typically demand cryptocurrency, which many businesses are ill-equipped to provide. Having a rehearsed plan in place can give organisations the breathing space to negotiate, reduce demands, or in some cases avoid payment altogether.
PREPARING A PLAYBOOK
Preparation is central to resilience. Every business should establish a ransomware ‘playbook’: a secure, standalone plan setting out all internal roles and responsibilities, who the decision makers are and whether external support should be drafted in. The team managing the attack will need to assess damage, engage with attackers, and make key decisions. The playbook should incorporate a legal framework and a clear communications protocol to prevent well-meaning staff from exacerbating the situation. Internal communication is critical too. Staff can panic, inadvertently speak out or even exacerbate the problem by rebooting infected systems.
Having a playbook means that, in the event of an attack, you can immediately follow a tested process rather than improvise under pressure. The military and police plan for crises, then practise their responses, yet repeatedly we witness businesses and organisations that assume it will not happen to them. The modest investment required to develop and rehearse such a plan can save businesses millions and prevent irreparable reputational harm.
AN UNAVOIDABLE REALITY


Jonathan Benton, founder & CEO, iSanctuary
Jonathan Benton is founder and CEO of iSanctuary, a global intelligence firm specialising in asset protection, tracing and recovery, including crypto, Open Source Intelligence investigations, and enhanced due diligence.
For more on iSanctuary’s Ransomware Preparedness program contact Tim Gilikson, our Business Development Manager at:
tg@isanctuary.io


