With decent offline backups, recovery from an attack should be easy. But of course beancounters see backup equipment (and the cost of running the backup procedure) as an unnecessary expense.
Where I worked in the 90's the computer system was responsible for the movement of a LOT of cash (over £500 million each week!!) so a rugged backup procedure was used - a full image backup of every disk to tape each night - the tapes were held for 30 days before they were reused (and 1 tape per month was pulled from the cycle and kept permanently) - the backups were tested by restoring each tape to a second system the next working night after the backup was taken.
This level of protection is now very rare.