Note that the attackers can also threaten to release data. Backups are no protection against that. They could also corrupt data and not tell you which part was corrupted and when, so even if you have backups you don't know which ones are corrupted unless you have some way of verifying all the data. One example of this would be to plant a backdoor, leave it in place and unused for months, then trigger the ransomeware encryption. The company decides not to pay, they restore from backup, and the attackers use the backdoor to encrypt it all again and demand even more. They could also use access to destroy hardware, say on a timer that triggers after the payment deadline. Backups won't protect against that if you can't get all your systems offline fast enough, or if taking them offline triggers the destruction.