How Are Ransomware and Phishing Attacks Related?
5 November 2025
The UK Cyber Security Breaches Survey (2025) reports that phishing is the most common type of cyber attack experienced by businesses and charities, and is a common precursor to ransomware attacks. Ransomware is also on the rise, with an incidence increase from 0.5% to 1% between 2024 and 2025.
So, how exactly are ransomware and phishing attacks related?
Phishing is a type of social engineering technique that involves attackers sending emails or messages that are designed to trick victims into:
- revealing sensitive information,
- downloading a malicious file.
On the other hand, ransomware is malicious software that encrypts files and systems, with attackers typically demanding payment in exchange for decryption.
Phishing is a common delivery mechanism for a ransomware attack. For example:
- A cybercriminal sends a phishing email with a malicious link or attachment.
- The victim is tricked into entering login credentials on a spoofed website or downloading a file.
- The attacker uses this access to deploy ransomware on critical systems.
- Files and systems are encrypted, and a ransom demand is issued.
Read on to learn more about what ransomware and phishing attacks are, how they differ, and how they’re connected.
Jump to a section:
- What is Phishing?
- What is Ransomware?
- Difference Between Ransomware and Phishing
- How Are Ransomware and Phishing Attacks Related?
- Real World Ransomware and Phishing Attack Examples
- Risks for Organisations
- Ransomware and Phishing Prevention Strategies
- Protect Yourself From Phishing, Ransomware and Other Cyber Security Threats
What is Phishing?
Phishing is an attempt to steal sensitive information, such as usernames, passwords, credit card numbers, bank details or other personal data. Cybercriminals use emails, texts or phone calls to trick victims into visiting a fraudulent website, which may then download a virus to the victim’s computer or capture their login details. These messages appear to come from a reputable and legitimate source, which is why phishing has become such a prevalent form of social engineering attack.
The National Cyber Security Centre advises: “Criminals use information about you that’s available online (including on social media sites) to make their phishing messages more convincing.”
According to the government’s 2025 Cyber Security Breaches Survey, phishing remains the most common and disruptive form of cyber attack, experienced by 85% of businesses and 86% of charities.
Types of Phishing Attacks
There is a wide range of phishing attacks, including:
- Email phishing (mass emails designed to target many people at once)
- Blagging or spear phishing (highly targeted attack on one specific individual)
- Whaling (a form of spear phishing that focuses on high-profile individuals)
- Smishing (phishing through SMS or messages)
- Vishing (phishing conducted over the phone, also known as voice phishing)
- Angler phishing (attackers pose as legitimate customer service agents on social media)
For a comprehensive overview of the difference between phishing and blagging, read our blog, ‘What Is the Difference Between Phishing and Blagging?’.

What is Ransomware?
According to the National Cyber Security Centre, “Ransomware is a type of malware which prevents you from accessing your device and the data stored on it, usually by encrypting your files. A criminal group will then demand a ransom in exchange for decryption.”
Ransomware is on the rise, according to the government’s 2025 Cyber Security Breaches Survey. The estimated percentage of all businesses that experienced a ransomware attack in the last 12 months increased from less than 0.5% in 2024 to 1% in 2025. This is an estimated 19,000 businesses affected by ransomware attacks, here in the UK.
How Ransomware Works
Ransomware attacks typically take place across three steps:
- The ransomware encrypts your files and systems, rendering them inaccessible without the decryption key.
- A message appears demanding a ransom (typically in cryptocurrency) in exchange for the decryption key.
- Attackers may also threaten to leak sensitive information if the ransom is not paid (called ‘double extortion’).
How is Ransomware Spread?
Ransomware can be spread in a range of different ways, but the most common infection techniques include:
- Phishing attacks
- Malvertising
- Drive-by downloads
- Fileless attacks
- Remote Desktop Protocol (RDP)
- Pirated software
Investing in managed cyber security services is the best way to ensure your organisation doesn’t fall victim to a ransomware attack. Book your free consultation with Obsidian Networks today to find out how we can help protect your business.
Difference Between Ransomware and Phishing
Phishing is a type of social engineering attack that uses deceptive emails or messages to trick users into providing access to sensitive information. However, ransomware is a type of malware that encrypts a user’s files and demands a ransom for their decryption. In other words, phishing is the method (called the attack vector) that cybercriminals use to get access, while ransomware is the malicious software (called the payload) that carries out the harmful action (in this instance, encrypting user files).
| Feature | Phishing | Ransomware |
| --- | --- | --- |
| Definition | An attempt to steal sensitive information such as usernames, passwords, credit card numbers, or other personal data using deceptive emails, messages, or calls. | A type of malware that encrypts a device’s files and systems, making them inaccessible, and demands a ransom (usually cryptocurrency) for decryption. |
| Goal | To obtain sensitive information, login credentials, or financial details. | To extort money by denying access to data or threatening to leak it (‘double extortion’). |
| Attack Type | Social engineering attack/deception. | Malware/malicious software. |
| Delivery Method | Emails, SMS, phone calls and social media messages. May include malicious links or attachments. | Often delivered via phishing emails, malvertising and drive-by downloads. |
| Impact | Credential theft, financial loss, account compromise and identity theft. | Data loss, operational downtime, financial loss from ransom payment and reputational damage. |
| Indicators of Attack | Suspicious emails/messages, urgent requests, unknown senders and spoofed domains. | Encrypted files, ransom note on screen, locked systems and threats to leak sensitive data. |
| Relationship | Often used as the initial attack vector to deliver ransomware. | Can be the payload delivered after a successful phishing attack. |
| Prevention Measures | Cyber security training, phishing simulations as part of network penetration testing, email scanning, strong passwords and MFA. | Regular backups, endpoint protection, network segmentation, patching, cyber security monitoring and managed anti-malware. |
How Are Ransomware and Phishing Attacks Related?
Phishing is commonly used as a delivery method or attack vector for ransomware. In fact, according to America’s Cybersecurity and Infrastructure Security Agency, more than 90% of successful cyberattacks start with a phishing email. Cyber attackers use phishing emails or messages to trick victims into clicking on a malicious link, which then installs ransomware on their device.
How do Phishing and Ransomware Work Together?
- Phishing is the delivery mechanism – fake messages or emails that appear to be from a trusted source encourage users to click, log in or download files
- The user is the entry point – the user is misled into interacting with the malicious message or spoofed website. Once they click on a link or open an attachment, the ransomware is downloaded onto their computer.
- The ransomware is the payload – once installed, the ransomware encrypts the victim’s files and displays a ransom note with a demand for payment.
Cybercriminals can easily send out mass phishing emails to a high number of potential victims, making it an effective and low-cost way to distribute ransomware. Phishing attacks rely on human error, making them difficult to prevent using traditional cyber security measures. Ensuring you have comprehensive cyber security policies in place and investing in cyber security training, such as the Cyber Essentials Certification, is the most effective way to reduce successful phishing attacks, which may otherwise lead to a ransomware attack.
Book your Cyber Essentials Certification today through Obsidian Networks or get in touch to find out more about our comprehensive managed cyber security services.
Understanding how phishing and ransomware intersect in theory is crucial, but the following real-world cases show just how damaging this relationship can be in practice.

Real World Ransomware and Phishing Attack Examples
Due to more sophisticated strategies, such as AI-driven attacks, which are around 24% more effective than traditional attacks, the frequency of phishing attacks has increased significantly in recent years. Below are some of the most notable phishing and ransomware attacks.
Cisco Phishing Attack
In May 2022, Cisco experienced a cyber attack involving sophisticated voice phishing (vishing) and multi-factor authentication (MFA) fatigue. The attacker used a series of voice phishing attacks to trick employees into accepting MFA notifications to gain access to corporate systems. However, no sensitive data was compromised, and no ransomware was uncovered in Cisco’s systems.
Kido Nurseries Phishing and Ransomware Attack
Kido Nurseries, a childcare provider, was targeted by the Radiant ransomware group. They experienced a series of phishing emails, after which the attackers exfiltrated sensitive data and demanded a ransom. The incident led to the exposure of personal information of over 8,000 children and their families.
Marks & Spencer (M&S) Ransomware Attack
In spring 2025, M&S experienced a significant ransomware attack attributed to the Scattered Spider group. The breach began with a social engineering attack on a third-party IT helpdesk, leading to unauthorised access to M&S systems. The attackers encrypted critical systems and exfiltrated data, demanding a ransom for decryption and deletion of stolen files. The attack resulted in an estimated £300 million loss in operating profit and disrupted online sales, as reported by the BBC.

Risks for Organisations
Ransomware and phishing attacks pose significant risks to organisations, including reputational damage, financial loss, operational downtime and data breaches. These risks are outlined in more detail below.
Reputational Damage
- Loss of trust – customers and stakeholders may lose confidence in an organisation’s ability to protect sensitive information or personal data following a successful phishing or ransomware attack.
- Brand impact – negative social media posts and news coverage about the attacks can cause lasting damage to your organisation’s reputation and public image.
Financial Loss
- Ransom payments – organisations may be forced to pay a ransom (typically using cryptocurrency) to regain access to the systems and/or data.
- IT costs – after a ransomware attack, organisations will likely have to invest in additional IT and/or cyber security support, for example, to investigate the cause of the attack. According to GOV.UK data, the costs of this ranged from £60 to £60,000.
- Lost revenue – business operations are typically affected or halted entirely by a severe cyber attack, resulting in reduced revenue.
- Insurance costs – insurance premiums can rise after a cyber security incident.
Operational Downtime
- Business disruption – ransomware attacks can shut down critical systems, potentially leading to the complete shutdown of business operations.
- Recovery time – even after access is regained to files and systems, it can take significant time for an organisation to recover from a ransomware attack.
Data Breaches
- Data loss – many ransomware attacks involve stealing sensitive data before the encryption process. This can include personal, financial or proprietary information.
- Regulatory penalties – breaches can result in fines under certain data protection regulations, including the UK GDPR and the Data Protection Act 2018.
- Further attacks – information gained through the phishing or ransomware attack may be used in a second attack or sold on the dark web. Between 2024 and 2025, there has been a 12% increase in infostealer credentials for sale on the dark web, according to IBM’s X Force Report.
Psychological Impact
- Stress – both during and after the attack, staff may feel significantly increased levels of stress, which may also negatively impact sleep and appetite.
- Guilt – according to government research, it was common for employees to feel personally responsible for an attack, alongside feelings of guilt and embarrassment that they could not access files.
If client or customer data is compromised, this psychological impact will also be felt by them.
The best way to reduce the risk of phishing and ransomware attacks is to invest in cyber security support from an experienced provider, such as Obsidian Networks. Book your free consultation today to find out more about how we can keep your organisation safe from cyber attacks.

Ransomware and Phishing Prevention Strategies
To fully protect your organisation from ransomware and phishing attacks, it’s essential to implement a multi-layered cyber security strategy, which should include safety measures, staff training, comprehensive policies, network penetration testing, monitoring, email scanning/filtering and data backup. We cover these strategies in more detail below.
Safety Measures
Implement the following technical controls to strengthen your organisation’s defences:
- Keep systems updated to prevent attackers from exploiting known vulnerabilities. You should establish a patch management policy to ensure timely updates.
- Enable Multi-Factor Authentication (MFA) on all user accounts and systems.
- Apply least privilege access. Review and revoke any unnecessary administrative privileges.
- Use robust security software, such as firewalls and anti-malware software.
- Use a Virtual Private Network (VPN) for additional security, especially when using public Wi-Fi.
Staff Training
Investing in security awareness and phishing training can help employees identify and report suspicious activity and reduce the likelihood of phishing attacks being successful. Undertaking the Cyber Essentials certification, which covers the five technical controls that help protect organisations against 80% of the most common cyber attacks, is also vital to ensure your organisation is adequately protected.
Cyber Security Policies
Ensuring your organisation has comprehensive cyber security policies in place is more important than ever, given the rise in remote working and cloud adoption. Ensure the following policies are relevant, up to date, and follow best practices:
- Bring Your Own Device (BYOD) Policy
- Remote Access Policy
- Data Protection and Privacy Policy
- Password Policy
- Access Control Policy
At Obsidian Networks, we offer a robust Cyber Security Policy Management Service to ensure your policies meet industry standards, cyber security best practices, and comply with legal requirements.
Learn more about Cyber Security Policy Management.
Network Penetration Testing
At Obsidian Networks, we provide both Internal and External Penetration Testing to simulate real-world attack scenarios:
- External penetration tests assess your defences against external threats, including phishing simulations.
- Internal tests identify vulnerabilities that could be exploited by compromised accounts or insider threats.
This allows you to assess whether further training is required, whether your current policies are being followed and whether your security team responds effectively.
Learn more about Internal & External Penetration Testing.
Cyber Security Monitoring
Continuous monitoring of your organisation’s networks and systems is crucial to detect and prevent cyber security attacks, such as phishing and ransomware. At Obsidian Networks, we offer both network and endpoint security monitoring, ensuring that we can monitor for a wide range of threats and respond swiftly to malicious activity.
Learn more about Cyber Security Monitoring.
Email Scanning and Filtering
Phishing attacks often begin with a malicious email, making email scanning one of the most effective first lines of defence:
- Use advanced spam filters to detect and quarantine phishing emails.
- Block known malicious domains and attachments.
- Deploy tools that analyse email headers and links for authenticity.
- Encourage users to verify suspicious messages before clicking or replying.
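As an added illustration of the header and link checks listed above (example code written for this article, not part of any Obsidian Networks product), the script below inspects a raw email for four common phishing indicators: a Reply-To domain that differs from the sender domain, a display name claiming a brand the sender domain does not belong to, a visible link URL whose host differs from the real target, and urgency wording. The brand list and the sample message are constructed for the demonstration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed brand -> legitimate domain map; a real filter would use a vetted list.
TRUSTED_BRANDS = {"microsoft": "microsoft.com", "hmrc": "hmrc.gov.uk"}
URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours")
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")
# Simplified anchor matcher; production code should use a real HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def _domain(header):
    """Lowercase domain of the first address in a header value ('' if none)."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()


def phishing_indicators(raw_message):
    """Return human-readable indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found, name = [], parseaddr(msg.get("From", ""))[0].lower()
    from_dom, reply_dom = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:  # replies routed to an unrelated mailbox
        found.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    for brand, legit in TRUSTED_BRANDS.items():  # display-name brand vs real sender domain
        if brand in name and from_dom != legit and not from_dom.endswith("." + legit):
            found.append(f"display name claims {brand} but sender domain is {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if body and body.get_content_type() == "text/html":
        for href, shown in ANCHOR_RE.findall(text):  # visible URL vs actual target host
            href_host = urlparse(href).hostname or ""
            m = DOMAIN_RE.search(re.sub(r"<[^>]+>", "", shown).lower())
            if m and href_host and m.group(1) != href_host:
                found.append(f"link text shows {m.group(1)} but points to {href_host}")
    haystack = (msg.get("Subject", "") + " " + text).lower()
    if any(word in haystack for word in URGENCY_WORDS):
        found.append("urgency language in subject or body")
    return found


# Constructed sample message (not a real phish) that trips all four checks.
SAMPLE = """From: "Microsoft Account Team" <alerts@login-verify.example>
Reply-To: support@collect-mail.example
Subject: Urgent: your account will be suspended
Content-Type: text/html; charset=utf-8

<p>Sign in within 24 hours: <a href="http://login-verify.example/ms">https://account.microsoft.com</a></p>
"""

if __name__ == "__main__":
    for indicator in phishing_indicators(SAMPLE):
        print("-", indicator)
```

A message from a genuine sender with no Reply-To mismatch, no brand claim, matching links and no urgency wording produces an empty list, so the function can sit in a quarantine rule as a scoring input alongside proper SPF/DKIM/DMARC checks.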
At Obsidian Networks, we offer a comprehensive email scanning service. Using a range of tools, our scanning service can identify harmful email content, attachments and URLs, helping to protect your organisation and employees from phishing attacks.
Learn more about Email Scanning.
Data Backup
Regular, tested backups keep your data recoverable in the event of a cyber attack, such as ransomware. With automatic scheduling, data encryption and off-site storage, our data backup and recovery service is the best way to protect your organisation against data loss.
Learn more about Data Backup & Recovery.
Protect Yourself From Phishing, Ransomware and Other Cyber Security Threats
At Obsidian Networks, we offer Cyber Essentials Certifications to help businesses protect themselves against phishing, ransomware and other cyber security threats. We also offer comprehensive cyber security services to help protect your business from data breaches and cyber attacks, including:
- Cyber Security Monitoring
- Cyber Security Policy Management
- Anti-Virus and Anti-Malware Software
- Email Scanning
- Network Penetration Testing
- Data Backup And Recovery
Whether you’re interested in a bespoke cyber security solution or would like to learn more about the Cyber Essentials Certification, get in touch with a member of our team today or book your free consultation to get started.