Not exactly network but maybe, but certainly operational. Shouldn't this
just be handled like disaster recovery? I haven't looked into this much,
but it sounds like the only way to stop it is to stop paying the crooks.
There is also the obvious problem that if they got in, something (or
someone) is compromised that needs to be cleaned which sounds sort of
like DR again to me.
Mike