Experience is what pass over sadly for those with certs .. I I have show time after time certs limit you security if there no field experience. passing people with years of experience is foolish. Backup are great, but what if the backup have the parts of the bug that lets the bad guys in the back door again? My experience all data is suspect till checked. Restore in a slow restore with validation of data and out side connection limited. Unless they love paying the ransom they need to rethink their IT solutions. The other shoe to drop is the type data taken?