That's typically what backups are for. No business should be so negligent as to ever need to pay a ransomware group in order to get their own data back.
As a data point, the Toronto Public Library decided to take the "restore from scratch" approach after being hit by ransomware, and it took four months before books could be borrowed again. Now, I'd expect a library would move slower than an IT-heavy company, but there are substantial costs either way and only one of them is probably covered by their cyber insurance.
So that’s what happened. I was wondering why they were having so much trouble. Their wording was evasive and I thought until now that it was Covid closures related somehow, without really understanding how Covid would have that impact.
There could be times when there's an immediate need to get everything back up and running, but I'd be willing to bet that in at least some situations the time spent going back and forth with the extortionists to arrange the payment, then gather the funds, and then wait for them to verify that they have your money could take longer than it would to just re-image a new server, reset some passwords, and copy over the needed data from backups. It's the same stuff they'd have to do either way.
My guess is that companies that have their shit together enough that they could get back to a "We're totally compromised and vulnerable, but at least we're online for now" state fairly quickly without paying up are a lot less likely to have ransomware problems in the first place.