>Yes, but they shouldn't be able to go after your backups if you've got them set up properly.
I don't know how that would work. If malware gets onto a backed up machine, it's probably going to lie doggo for a few weeks while it spreads across the network, and so it will be in multiple backups. It's possible that an alert, technically savvy person such as Hubert could spot something, but the backups are still going to include the malware.
The malware might encrypt the backups, though that is probably quite tricky because it would require compromising elements of the backup software.There is still quite a diversity of backup solutions available so this sounds quite hard.
Even if you backups are readable you've still got a big problem. Any largish business is going to have hundreds or thousands of machines and databases to wipe, rebuild and restore. And each of them will need to be forensically checked to ensure that it the backup hasn't restored malware. You might be able to get a few key systems up from backup fairly quickly, but your infrastructure is going to be in bits for weeks while you check every single object on your network with any kind of microprocessor to make sure that no nasties are lurking.
It's hard problem because no matter how carefully you run your infrastructure, it's nearly impossible to stop a really determined and technically skilled opponent from breaching your defences. The zero days can always get you.