It is all very well saying that - oh they should have had proper backups.
Unless you are targeted by these sorts of groups, you have no idea how destructive they can be. They can sit inside your network for weeks, and map out everything including your backup regime. They will know you have offsite backups and make sure that those are left in a useless state. You do restore your offsite backups to confirm they are valid, don't you? That's great, however what happens if there is now a booby-trapped file in your backup that activates after a certain date and re-encrypts your network?
They will wait until they know the best time to strike, 3am in the morning when no admins are around means you will cause more damage without anyone knowing and taking action.
No point in password protecting things, they probably have your domain admin credentials.
Are you sure you can pay the fines for having confidential medical or financial information released to the world?
A $1 million payday can really concentrate your mind to make sure you do enough damage so that your victim has no option but to pay up. Not bringing morals into this - I know all of us would never do this, but think of this as an academic exercise.
If any of us knew we could earn millions without a chance of being caught, do you think you could wreck a company's network and their backups?