Once the extent of the ransomware infection is fully understood, the DR team can start prioritizing which systems will need to be brought back online first, based on business need. This information should all be
defined in the DR plan. This doesn’t mean that organizations can start restoring immediately; this is still the planning stage.