Ransomware attack - Who should you contact?

If you have fallen victim to a ransomware attack you will certainly have a lot of decisions to make. Like many other crime situations it can be very easy to make that ‘knee jerk reaction’ without taking a moment to step back and consider the options, or indeed look for help.

Following the shock of losing access to files, there is the towering dilemma of whether or not to pay the ransom in order to get them back. In most cases reporting the attack to relevant authorities probably doesn’t figure high on the priority list. Many organizations operate without a cyberattack incident plan, so most are unlikely to know which organization(s) they should contact in any case.

Unfortunately, we have become conditioned to believe that incidents of online fraud and ransomware are problems to be sorted out by the victim, or with any relevant banks or financial institutions involved. There is a lack of confidence that reporting the incident will offer any benefit. This is probably justified in some countries, with victims of cybercrimes often simply advised to go to a local police station and hope that someone on duty will be sympathetic enough to help them complete a crime report.

However, faced with the massive increase in online crime, governments and law enforcement bodies have realized that in order to have any chance of containing online crime, it needs to be treated in the same way as any other type of law breaking.

Thankfully many countries have taken this challenge seriously so that reporting ransomware and other forms of online crime has become a lot easier in the US, UK and several parts of Europe. To start accumulating better intelligence regarding cybercrime, government agencies need to persuade the public and businesses to overcome years of conditioning and start telling law enforcement what has happened to them. These investigations are vital; without real-time reporting, gathering evidence quickly enough to catch perpetrators becomes impossible. Knowing which cybercrime gangs are operating and their mode of operation is essential to improve defenses, and make informed decisions following an attack.

Where can you report cybercrime and look for help?

The good news is that in the US, UK and many parts of Europe reporting ransomware and other forms of cybercrime is getting easier. In fact, the UK launched an online cybercrime reporting system as early as 2009 in the form of Action Fraud. In 2016 the European Union Agency for Law Enforcement Cooperation, better known as Europol, in conjunction with the Dutch police and several leading cybersecurity firms launched a portal, No More Ransom, which is intended as a single point of contact and advice portal for victims who are unsure about what to do next. Also in 2016, the FBI in the US set out its first ever note encouraging ransomware victims to report attacks in some detail through the Agency’s Crime Complaint Center (IC3).

Laudable though these reporting platforms are, awareness of their existence and importance among the public remains low, hence we have taken the opportunity here to list the relevant regional reporting sites and other online resources.

Cybercrime Reporting Resources by Region

Depending on your country of operation, you have the following options available to report ransomware and other forms of cybercrime:

For the UK, visit the Action Fraud website.
For the USA, visit the FBI Agency’s Crime Complaint Center (IC3).
For Germany, go to the Bund website and also the Polizei pages.
For France, go to the Agence Nationale de la sécurité website and the Le Ministère de l'Intérieur pages.
For Ireland, go to the An Garda Síochána website.

Details for other European countries can be found on the Europol website and the No More Ransom Report A Crime page.

In Australia, visit the Australian Cyber Security Center website.
In Canada, use the Anti-Fraud Centre website.

Of course, some preparation before embarking on a cybercrime report will save time and hopefully provide advice agencies with some information to help them advise you of the appropriate next steps.


The following details may be required by them:

    • Date and time the attack was first noticed
    • Details of the ransomware variant if known
    • Victim company details
    • How the infection occurred if known
    • Scope of the attack, e.g. localized or global throughout branch offices
    • Requested ransom amount
    • The perpetrator’s bitcoin wallet address
    • Any ransom amounts already paid
    • Overall losses associated with the incident
    • Details of any Personally Identifiable Information that may have been taken and threatened for exposure


A cyberattack can be a stressful and difficult time for any organization. Protected backups are a vital defence mechanism to help avoid having to meet ransom demands. For any questions please get in touch through our contact form; the Blocky team are always ready to help.