Hacker News
by xen2xen1 1864 days ago
Complete, tested tape backups would cure many, many ills. They're out of fashion, but...
3 comments

The bigger IMO problem with ransomware attacks isn't necessarily that they're holding your data hostage, it's that they can and will publish it. You might be able to tell them to kiss your ass because you have backups, but then they'll publish that information. It's a bit more of a rock-and-a-hard-place situation than most people realize.
Eh. From my understanding the people that pay do fine. As sick as it is, these crews following through is good for business. These crews are making tons of cash. If word gets out they don't unencrypt and do publicly publish - people will just stop paying: period. Hell. Some of these crews have a help desk. [1]

[1] https://www.macworld.co.uk/cmsdata/features/3659100/how_to_r...

This is a public health service. It's paid for out of taxation.
Which if you pay the ransom, means also relying on the word of the people that are actively extorting you.

Scary, scary place to be. Especially for a health service.

> Which if you pay the ransom, means also relying on the word of the people that are actively extorting you.

As weird as it sounds, reputation matters for these guys. If you have a track record of taking the money and publishing data anyway, no one is ever gonna bother paying you in the first place. Why would they? Your data is gonna get published no matter what, may as well save the ransom money.

You can flip it around (if you're a pessimist):

  1. If you *don't* pay, then you know bad things will happen.

  2. So you might as well pay, regardless of their reputation, because your chances are strictly better even if they are nearly nothing.

  3. Knowing that, there is no incentive for them to maintain a reputation by honoring the ransoms.

This seems like a stable equilibrium.
Tape backups are ok but still mean significant operational downtime because recovery from tape is slow. This is better for long term data storage than rapid recovery.

For recovery, you need more accessible backups. And to test your backup plan.

The time to restore from backups after a ransomware attack is more about figuring out how they got in and closing any back doors then cleaning out the existing systems, applying the latest security updates etc., rather than actually restoring the backups from tape or whatever.

The last thing you want is for your backup to restore whatever back door they installed a few weeks before they launched the actual attack, or to leave the unpatched system (or whatever it was) open and immediately have the attackers encrypt all your files again.

High end tape reads sequentially faster than a typical spinning HDD, so it should be possible to design for rapid full restores. Rapid restores of specific files (e.g. to recover from accidental deletion) would be slow from tape though, so are probably best served by online snapshots rather than the DR backup.
I would be amazed if the Irish health service had advanced beyond tape storage. I mean primary storage. (I'm Irish btw)