Re: Whoa there
"Either you can restore from backups, and your ideal IT team should be well-trained on doing so, or you can't, and you pay."
That theoretically is the easy bit - though still hard work. Business demand for return to service will probably exclude time to analyse and understand how the breach occurred. Hence the restore will need to be munged in some way so that the external routes are changed/blocked hopefully giving you time. However, you know that the restore may contain the 'bomb' so the encryption repeats. Ok, you can reload an earlier backup hoping the bomb wasn't a sleeper. But the older the backup the less use it is. Indeed it may cause more issues then it solves.
But the bottom line is any ransomeware paid causes more ransomware to be made. The excuse that is somebody else's problem is not good for business as a whole. Legally outlawing ransoms will only ever be partially effective. We have to swallow the bullet that business as a whole has to bail out stricken victims - notwithstanding the issue may have been caused by feckless management. Save the company with whatever it takes in money and resources but fire the Directors would seem to be a strategy worth investigating.