There are multiple things that are done here. Suppose you had great, immutable backups. They still have many things that can ruin your business.
1. Restoring networks, servers, third-party services with knowledge that anything you restore could be compromised as well. Keys
2. The attackers will then threaten to dump all of your private information.
It is more than just restoring data; it is restoring and resetting your entire infrastructure. And most places have backups, but they don't practice entire restores.
> And most places have backups, but they don't practice entire restores
Or worse, they only practice part of it. Only once in my career have I seen a "restore.txt" that didn't start with something along the lines of "connect to $server".
Ok, that assumes a LOT is already in place. Where is the "restore.txt" that goes over how to get $network up so that I can resolve the IP(s) for the server I need to restore?
I can't prove it, but I suspect that most businesses know deep down that they _can't_ do a "black start" and they know that even a practice run is likely to find some pretty basic and embarrassing issues that will just be too costly to address.