I wonder why companies don't:
(1) Take everything offline
(2) Restore from backups
(3) Bring up networks internally only
(4) Fix security flaws
(5) Carefully open minimal external networking
(6) Monitor, monitor, monitor
(7) Reevaluate if they need such a large online presence
(8) Implement an online presence that it isolated from your internal infrastructure and databases
If you have to pay ransom, that would imply you don't have a good backup strategy in place.