Re: Most of this is about creating committees ...
A shadow copy is not a backup, per se. It is a copy of the state of the hard drive, before an event took place. VSS can be included in a backup strategy. but it isn't a complete strategy in and of itself. It is designed to keep a backup copy "in place" on the original hard drive/partition (or to a shadow drive/partition).
Some malware already got wise to that and started encrypting that as well.
The latest drops down to the Hypervisor level and encrypts the whole server landscape's virtual drives, from the outside, so no VSS to get back to.
A lot of companies are wise to this and do recover from backups. The ransom has to be set right, to be just less than recovering everything yourself. The other thing is, what do you have to nuke?
The servers that were affected? Fine, but are you 100% sure the other servers are free of malware? What about your PCs and other client devices? For such an attack, if it isn't nipped in the bud, you pretty much have to re-image every PC and rebuild all the servers and restore the data.
Oh, and how long has the malware been on the system? An hour? A week? A month? So, you can recover the data, but you'd still need to really rebuild each server individually, to be sure.
You can take this as far as you want. In some cases, throw away the hard drives/SSDs and replace them with new ones. Not sure if they tampered with the BIOS/EFI? Better install new motherboards, while you are at it...
Even if you are lucky and catch it early and can clean or rebuild the 1 or two servers that were affected, the latest scheme is to exfiltrate the data they are encrypting. If you don't pay up, your plans, confidential emails and documents etc. will be posted online for the world to see...
Even if I paid to get the data recovered, that would only be the start of the process. You can never trust the infected machines again, so you would be rebuilding or replacing them anyway, just copying the recovered data to the new machines, instead of restoring from backups...