We recently had a new Disaster Recovery client we picked up (Epicor) with a 70 user system. They got hit with Ransomware and were demanded $100k + an additional $100k PER DAY not paid. They only backed up their systems to on-premise data stores. Their only 'lucky' break was they had a server powered down at the time that had a 2 month old copy of their data. They decided to run with that versus pay the ransom. To make matters worse, a month later, they got 3 feet of water in their office/factory thanks to Hurricane Harvey.
I know your scenario in a multi-tenant cloud is completely different and you had no data loss, but its a reminder to all you 90minds members, that the majority of on-premise clients you have are likely not nearly as safe from ransomware as their IT department/provider is telling them they are. The only way they will find out is when they get hit. The vast majority of backup solutions (which includes software, hardware and people) have one or more flaws in their design relative to Recovery Time Objective (RTO). Just having a backup of data that is a day or less old isn't enough. They need a solution that can make sure they can be USING their data and solution in minutes or an hour the most. Not days that it takes to piece together a corrupted server with various software versions, patches etc before they can restore their data and start using it. PM me if you want to discuss any client scenarios in more detail and I can suggest whether they have more exposure than they think.