There very well may be backups. Unfortunately, there are at least a few problems:
1) How far has the malware infiltrated the company's systems? If they can't answer that, then undertaking the recovery process may be a vain effort, since the malware may just spread again to the recovered systems.
2) How long was the malware in the network before it triggered? If the company does know that, recovery from backup may also restore the malware.
3) How much control do the malware writers have over the infected machines? What access do the technical staff currently have?
4) Depending on how deeply the malware has spread, the company may actually need to wipe and bare-metal recover a number of systems, possibly including the backup servers themselves. BMR is not usually a trivial process, unfortunately.
If it's a really bad incursion, the company may still be diagnosing the problem, and backups are only a part of the recovery strategy.
Biting the hand that feeds IT
