Recovering after a ransomware attack