TL;DR: The Foster City ransomware attack is a local reminder that ransomware is not just an IT problem. It can stop operations, delay services, damage trust, and expose whether an organization is truly prepared to keep working during a cyber incident.

What Happened in the Foster City Ransomware Attack?

The Foster City ransomware attack began on March 19, 2026, when city IT staff identified ransomware on the city’s networks. According to the city’s own public update, the breach widely impacted city services and temporarily paused public services outside emergency response.

That last detail matters. Emergency services continued, but many normal public services were disrupted. For a city, that can mean delays for residents, businesses, vendors, and anyone who depends on municipal operations. For a private business, the same kind of disruption can mean delayed projects, missed deadlines, lost revenue, employee downtime, and uncomfortable conversations with clients.

Ransomware is often described as a cybersecurity issue, but that framing is too narrow. Ransomware is a business continuity issue. The technical attack is only the starting point. The real damage comes from what the organization cannot do afterward.

Why Should Bay Area Businesses Care?

A city government and a small business are not the same. But the business lesson is the same: if your systems go down, your operations go with them.

Most businesses rely on technology for nearly every daily function. Email, phones, accounting, file access, scheduling, client communication, project management, payroll, and payment processing all depend on systems being available. When ransomware locks files or forces systems offline, the impact spreads fast.

A construction company may lose access to project files and bid documents. A law firm may lose access to client matters and court deadlines. A manufacturer may lose access to scheduling, shipping, and inventory records. A professional service firm may be unable to communicate with clients or process payments.

The Foster City incident is useful because it shows the operational side of ransomware clearly. When systems are compromised, the question becomes simple: what can still function?

Ransomware Is More Than Encrypted Files

Ransomware used to be explained as malware that locks files until a ransom is paid. That is still partly true, but modern ransomware is broader. Attackers may steal data, disable systems, disrupt backups, threaten public exposure, and use pressure tactics to force payment.

That means recovery is not just about restoring data. A business may also need to investigate how the attacker got in, determine whether data was accessed, communicate with affected parties, involve legal counsel, notify insurers, preserve evidence, and rebuild systems safely.

Restoring from backup is important, but it is not the entire plan. If the backup is incomplete, infected, inaccessible, or too slow to restore, the business may still be stuck. A backup is only useful if it can support a realistic recovery.

Did You Know?

According to Verizon’s 2025 Data Breach Investigations Report Executive Summary, ransomware was involved in 88% of breaches affecting small and midsize businesses.

That statistic should make business owners pause. Ransomware is not only a large-enterprise problem. Small and midsize businesses are attractive targets because they often have valuable data, limited internal IT resources, and less mature security processes.

What Is Business Continuity?

Business continuity is the planning that helps an organization keep operating during a disruption. In plain English, it answers this question: if our normal systems are unavailable, how do we keep serving clients?

A business continuity plan should identify the systems that matter most, how long the business can function without them, who makes decisions during a disruption, how employees communicate, and what workarounds exist if core tools are offline.

For many businesses, this planning is missing or informal. The assumption is that “IT will fix it.” That is not a plan. During ransomware recovery, IT may be rebuilding systems, coordinating with vendors, working with security teams, and preserving evidence. Leadership still needs a way to make decisions, communicate with staff, and keep the business moving.

Backups Are Necessary, But They Are Not Enough

Backups are one of the most important defenses against ransomware, but businesses often overestimate what backups can do.

A backup does not prevent ransomware. A backup does not tell you how the attacker got in. A backup does not automatically protect you from data theft. A backup does not guarantee that every system can be restored quickly. It also does not answer who communicates with clients, what work pauses, or how payroll gets processed while systems are down.

The better question is not “Do we have backups?” The better question is “Have we tested recovery, and do we know what happens next?”

A business should know which systems are backed up, how often backups run, where backups are stored, whether backups are protected from tampering, and how long restoration would take. The answer may be uncomfortable, but it is better to find out during planning than during a crisis.

What Should Small Businesses Do Now?

The Foster City ransomware attack should push business owners to review their own readiness before they are under pressure.

Start by identifying the systems your business cannot function without. That usually includes email, Microsoft 365, accounting software, file storage, line-of-business applications, phones, and access to client data. Then decide how long your business could realistically operate without each system.

Next, review your security basics. Multi-factor authentication should be required wherever possible. Employees should use strong passwords and a password manager. Devices should be monitored and protected with endpoint detection and response. Security updates should be applied promptly. Remote access should be reviewed carefully. Administrative access should be limited.

Finally, document the response process. Who calls the insurance carrier? Who contacts legal counsel? Who approves client communication? Who works with the IT provider? Who has access to emergency contact information if email is down?

These questions are not theoretical. They decide how chaotic the first 24 hours will be.

How Managed IT and Cybersecurity Support Reduce Ransomware Risk

Managed IT support helps businesses reduce ransomware risk by keeping systems monitored, patched, protected, and documented. Cybersecurity services add another layer through threat detection, email protection, endpoint protection, account monitoring, security awareness training, and incident response planning.

No provider can promise that a business will never face a ransomware attempt. That would be dishonest. The real goal is to reduce the chance of a successful attack, detect suspicious activity earlier, limit damage, and recover faster if something happens.

For small and midsize businesses, the right partner should help connect technology decisions to business risk. That means looking beyond tools and asking practical questions: Can your team work if Microsoft 365 is unavailable? Can you access critical passwords during an emergency? Are backups isolated? Are old accounts disabled? Does leadership know what to do if systems go offline?

FAQ: Foster City Ransomware Attack and Business Continuity

What is the main lesson from the Foster City ransomware attack?

The main lesson is that ransomware can disrupt normal operations quickly. Businesses should treat ransomware as a business continuity risk, not just a technical security issue.

Can backups protect a business from ransomware?

Backups help with recovery, but they do not prevent ransomware. Businesses also need endpoint protection, account security, patching, monitoring, employee training, and a tested recovery plan.

What is the difference between disaster recovery and business continuity?

Disaster recovery focuses on restoring systems and data. Business continuity focuses on keeping the organization operating while recovery is happening.

Should small businesses have an incident response plan?

Yes. A small business should have a simple incident response plan that identifies decision-makers, emergency contacts, insurance steps, communication responsibilities, and recovery priorities.

How often should a business test its recovery plan?

A business should test key recovery steps at least annually, and more often if systems, vendors, or business operations change significantly.

About Professional Computer Concepts

Professional Computer Concepts (PCC) is a trusted Managed IT and Cybersecurity provider serving the Bay Area for over 20 years. We help small and midsize businesses simplify their IT, strengthen security, and modernize operations.

From PCC’s Desk

The Foster City ransomware attack is a local example of a larger truth: technology problems become business problems very quickly.

A strong cybersecurity program is not just about blocking threats. It is about helping your business keep working when something goes wrong. If you are not sure how your company would respond to ransomware, now is the time to find out. Let’s talk.