All data should be backed up, and most importantly, secured such that the infected assets cannot compromise the backup via mapped drives or network shares. The backup should also be tested on a periodic basis to ensure it can restore all files in an uninfected state. A common mistake that organizations make is to attempt a restoration before the ransomware infestation is cleared and the process repeats itself until the environment is truly purged of the malware.