I bet if they are regular PC's their people will pay the ransom instead of pulling the drive then unplugging and pulling the battery so the bios is back to original firmware then use a backup after reinstalling the OS. Learned this trick when I got Chernobyl back in the day, works every time. You sure as fuck can encrypt the drive and memory but I don't believe you can encrypt the bios firmware or backups on removable media in any way. Hell just buy winblows again for like $100 after clearing the bios and dropping a clean drive in the PC. Hell take the old drive and add it as a slave drive on another cheap computer and use a cd with gparted on it and your drive is fine also after a format and overwriting it a few times with 1's and 0's so it can never come back accidentally even.