Ransomware: How to Respond During an Attack

  • February 15, 2025
  • Edited 3 weeks ago

Ransomware: What It Is, How to Handle an Attack, and How to Protect Your Business

Ransomware is one of the most pervasive and damaging cyber threats facing businesses today. It’s a type of malware that encrypts your data, holding it hostage until a ransom is paid. And while the average ransom demand is around $5,900, the real cost—downtime, lost productivity, and reputational damage—can be up to 23 times higher.

In this two-part blog series, we’ll break down everything you need to know about ransomware: what it is, how to handle an attack, and most importantly, how to prevent it. Let’s start with the basics.

What Is Ransomware?

Ransomware is a type of malware that encrypts your files, making them inaccessible until you pay a ransom. It comes in many forms, including CryptoLocker, Petya, and WannaCry, and it’s constantly evolving, making it difficult to defend against.

Here are some key facts about ransomware:

Who’s at risk? One in five small and mid-sized businesses (SMBs) report falling victim to a ransomware attack. Businesses without outsourced IT support are at even greater risk.

Where do the risks come from? Phishing emails are the leading cause of successful attacks, but weak passwords, poor user practices, and lack of cybersecurity training also play a role.

How can risks be reduced? Four in five businesses recover within 24 hours or less when they have a Business Continuity & Disaster Recovery (BCDR) plan in place with the support of a trusted IT provider.

How to Handle a Ransomware Attack

If you’re hit with a ransomware attack, time is of the essence. Here’s a step-by-step guide to handling the situation:

Shut Down Infected Systems Immediately
Disconnect the infected device from any network and turn off wireless capabilities like Wi-Fi or Bluetooth. Unplug any external storage devices to prevent the ransomware from spreading.

Determine the Strain and Scope
Identify the type of ransomware and assess how many devices and what kind of data have been affected. This information is crucial for reporting the attack and deciding on next steps.

Report the Incident
Notify your organization and report the attack to the FBI or local authorities. This helps law enforcement track ransomware trends and assist victims.

4.    Evaluate Your Options

1.    If you have backups, restore your data from a clean backup.

2.    If you don’t have backups, consider using a third-party decryptor (if available).

3.    As a last resort, you can pay the ransom, but beware—this increases the likelihood of future attacks.

5.    Prevent Future Attacks
Once the immediate threat is handled, take steps to prevent future attacks. This includes employee training, investing in endpoint security, and implementing a BCDR plan.

Stay Tuned for Part 2 In Part 2 of this series, we’ll dive deeper into how to prevent ransomware attacks, including employee training, endpoint security, and the importance of a Business Continuity & Disaster Recovery plan.

In the meantime, if you’ve been hit by ransomware or want to ensure your business is protected, don’t hesitate to reach out. We’re here to help.

Dhennis Tolentino

About the Author: Dhennis Tolentino

 | Network & Communications Engineer

Dhennis is a U.S. Air Force veteran who honed his engineering and leadership foundations in high-stakes military communications environments where network uptime is mission-critical. Holding a B.S. in Network and Communications Management, he brings strict operational rigor and defense-grade security practices to corporate IT infrastructure.

  • Expertise Track: Network Infrastructure Design, Strategic IT Project Coordination, Defense-Grade Security
  • Core Tech Stack: Communications Protocols, Enterprise Routing & Switching, Network Architecture
  • Connect: Meet the Team
Share this article with a friend

About Xperts Unlimited

We deliver flat‑rate, all‑inclusive IT and cybersecurity solutions to SMBs in Los Angeles and Orange County. As your in‑house IT partner, we offer 24/7 support, proactive threat detection, and seamless incident response.

Our Services

Need Cyber Help?

Emergency Cyber Response

Expert digital forensics & crisis recovery. Contact our IR team now.

Book Consultation

More Articles:

Why Antivirus Alone Is Not Enough to Protect Your Business »

Computer motherboard in purple light

The 2026 State of IT & Cybersecurity for SMBs »

Futuristic image of a hand interacting with a holographic cloud interface, surrounded by icons representing data security, storage, and connectivity in a digital environment.

The 9 Most Important IT Services Small Businesses Need In 2025 »

Two professionals collaborating on a laptop in a data center with server racks, discussing IT infrastructure or cybersecurity solutions.

12 Types of Managed IT Services: A Full Guide for Business Owners »

Image showcasing IT compliance with a hand interacting with a digital interface featuring a checkmark icon and various tech symbols on a circuit board background.

Managed IT Services vs. Break/Fix: Which Is Right for Your Business? »

Image of two professionals analyzing data on a large screen displaying charts and maps in a modern office, focusing on data analysis.

7 Aspects of Managed IT Services Every Business Owner Should Know »