Still, the Boston head of cyber said that organizations that have procedures in place for regularly backing up their data can avoid paying a ransom at all, by simply restoring the infected system to a state prior to the infection.