
There was a post on here a few days back about why it's not that simple. Basically, by the time your stuff is ransomed, they've potentially been in your network for a long time. There's no telling how far you have to go in your backups to make sure they are gone. Who knows, maybe they wait on your computers for several months just so restoring from backups isn't a realistic option, and punish you for trying.



What? I mean back up your data. Not your whole... computer, or whatever. Install latest software, import data from backup, back in business. It's trivial to tell intact data from ransomed data - the latter looks like random noise, as it's encrypted.

If your backup process "isn't that simple", then you should make it that simple. Otherwise failure looms.
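The "looks like random noise" test from the comment above, sketched as an added example that is not part of the thread: it scores each backup blob by Shannon entropy and separates known compressed formats from unexplained high-entropy data. The 7.5 bits/byte threshold, the magic-byte list and the sample blobs are assumptions constructed for illustration.

```python
import gzip
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per data set

# Leading bytes of formats that are legitimately high-entropy (assumed short list).
KNOWN_COMPRESSED = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff")


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, close to 8.0 for random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> str:
    """Return 'plausible', 'compressed' or 'suspect' for one backup blob."""
    if shannon_entropy(data) < ENTROPY_THRESHOLD:
        return "plausible"
    # Compressed files score as high as ciphertext, so entropy alone is not
    # enough; a recognised header is the only thing that tells them apart here.
    if data.startswith(KNOWN_COMPRESSED):
        return "compressed"
    return "suspect"


def scan(files: dict) -> dict:
    """Classify every blob in a {name: bytes} mapping."""
    return {name: classify(blob) for name, blob in files.items()}


# Constructed sample data: deterministic pseudo-random bytes stand in for ciphertext.
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
SAMPLES = {
    "ledger.csv": b"invoice,customer,amount\n" + b"1001,ACME,250.00\n" * 200,
    "ledger.csv.locked": NOISE,
    "archive.gz": gzip.compress(NOISE),
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:10} {name}")
```

A check like this only speaks to whether file contents look encrypted; it does not examine configuration or executables on the machines being restored.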


You misunderstand. I'm saying the network has potentially been infiltrated for months, and there's no telling what configuration and files have been altered to facilitate future infiltration. See further discussion here: https://news.ycombinator.com/item?id=23929344

Particularly this conversation: https://news.ycombinator.com/item?id=23951941


Disconnect entire network. Factory reset all devices. Reinstall latest everything.


Clearly you know best



