Report a Cyber Attack

If the cyber attack is potentially life-threatening (e.g. related to health systems) call 999; otherwise follow NCSC’s where to report a cyber incident service.

If you’re an ISnortheast member and it’s likely to have impacted other North East Public Sector organisations then notify them by email: negwarp@neict.jiglu.org.

If you are experiencing a live incident, you can call Action Fraud immediately on 0300 123 2040 and press 9 on your keypad.  This will allow your call to be dealt with a s a priority and your live incident will be triaged over the phone.  Next your incident will be passed to the National Fraud Intelligence Bureau (NFIB) who will review your report and conduct a range of enquiries, it may be passed to the relevant police agency.  You will be kept informed of the status of your report.

If you have access, check the CiSP to see if others have reported the same issues and to see if any mitigation or other advice has been posted. You can sign up to the CiSP here.

Alert any networks you’re connected to, e.g. JANET, PSN, PNN, HSCN / N3 (CareCERT etc.) and also your colleagues and contacts in organisations you work with.

To help others understand the potential scale, severity and impact of the incident please provide answers to the following points:

    1. Who are you?
    2. What organisation are you reporting an incident for?
    3. What is your role in this organisation?
    4. What are your contact details?
    5. A summary of your understanding of the incident, including any impact to services and/or users
    6. What investigations and/or mitigations have you or a third party performed or plan to perform.
    7. Please provide the output of any technical analysis.
    8. Who else has been informed about this incident?
    9. What are your planned next steps?

The National Cyber Security Centre (NCSC) has created the Small Business Guide to Response and Recovery. It provides small to medium sized organisations with guidance about how to prepare their response, and plan their recovery to a cyber incident.