by insickness 1839 days ago
> So you’re like, “Oh great. We have backups, the data is there, but the application to actually do the restoration is encrypted.”

From my experience dealing with ransomware, most encrypted applications are not recoverable, even with the key. Those app servers need to be rebuilt or restored. File servers and individual files can be decrypted using the key, but applications get scrambled.

1 comments

They need to be rebuilt. There’s no ifs or buts about that. Once a server has been compromised by a malicious actor, it can no longer be trusted. Even if you could just restore functionality, you have no guarantees that there’s not a time bomb ticking away to hit you again at some later date now they’ve established you’ll pay out.
Rebuilt? Replaced! All of them are now suspect.