A CryptoLocker attack has hit marketing firm Major Players, weeks after the National Crime Agency brought down a botnet distributing the virus.
The ransomware encrypts users files before demanding payment to unlock them, threatening to prevent access to the files forever if the victim does not comply.
Peter Groucutt, MD of security company Databarracks, which works with Major Players, said: "They were faced with a ransom message listing the affected files and giving a deadline to either pay up or lose them forever."
"As soon as their head of IT contacted us, we were able to restore all their files immediately and stop the daily scheduled backups from running, to prevent the encrypted files from overwriting the existing backups."
Earlier in June the ransomware was reported to have vanished after an international police effort to bring down its botnet for two weeks, with companies advised to patch software while they had the chance.
CryptoLocker is thought to have claimed £15.9m in ransom payments in the two months after it emerged in September of last year, and as of April of this year more than 200,000 computers are thought to have been compromised by it.
Groucutt advised firms to avoid suspicious looking emails, instigate procedures for employees to follow during a breach, and ensure all data is backed up regularly.
"The scary truth is that attacks can happen to any business and if the right precautions aren't taken the effects can be disastrous," he added. "Our advice would be to heed the government's warning now before it's too late."