Last time our parent company got hacked, it took them a whole month before they got back to normal. A few days after they got back to normal, a guys from our parts department opened an old email from them and we got infected.

The parent company got worried about us, but we get attacked about 3 time per year with ramsonware, and backups are done weekly. They were very impressed by the speed of our recovery. 3 days was all it took to go back to normal.

I am glad the ransomware scare has gotten some company boards to give a shit about their information security. However, recovering from ransomeware should really just mean you have a shit week recovering from backups that should be secured already.

What frightens me is not having a plan for the fallout of the attack. Public relations, Share holder and customer relations, investigating if information was stolen or exfiltrated and what to do if it was then threats of leaks etc... sounds like nightmare compared to just getting systems operational again.

The proper way to handle this would be for companies to form a coalition or be insured, with the requirement that all members refuse to pay ransoms, so that they can refuse any ransom demands and be covered on repairing the damage. Then the only incentive for these attacks would be destruction, but not money.