Some companies I've worked for have "disaster recovery" drills periodically. Those should involve restoring backups. From that you should have a timeline of how long it takes to perform a restore.
If it takes weeks to perform a restore then that should be a major red flag and be addressed.
Of course, if a company has the kind of security that allows them to be hit by ransomware, then they probably aren't diligent about their disaster recovery scenarios.
obvious problem here is that most dont perform dr test across all systems simultaneously - they do it by major component, and usually have a working system.. ransomware can take down ALL of that, so you are left with bare metal recovery, and no infra to build off of.
If it takes weeks to perform a restore then that should be a major red flag and be addressed.
Of course, if a company has the kind of security that allows them to be hit by ransomware, then they probably aren't diligent about their disaster recovery scenarios.