Jim Roseberry
I know it's mentioned a lot... but this is exactly why we all need to be diligent with keeping a reasonably current backup image file.  

 
Except when the malware waits and ends up on backup drive too (had this happen - SUCKS!).

Yes - and this is why you might want to consider multiple generations of backups, so that you have more than one back version.  The trade off there is time and effort, as well as cost - versus additional levels of protection.
 
There are practical limits as to how far back you go - in a mainframe environment, we had daily backups, weekly backups, monthly backups, and yearly backups, in addition to the active recovery for backing out in-flight transactions that failed, or for applying data forward in the event the before-images of transactions failed for some reason.  There were also backups maintained off site in case of facility failure (fire, explosion, etc.).  But no home system is likely to have this extensive of a system in place.
 
So, folks that have gained the scar tissue that comes with losing data usually decide to set some sort of backup/recovery plan, and the success of that depends on a reasonable amount of protection, and the discipline to faithfully execute that backup plan, or automate it and review it periodically, to make sure all is well.
 
Bob Bone
 

dubdisciple
I'm sure it is a felony, but good luck finding the guys doing this.  odds are good they are in a country where catching these guys is not a priority.

The problem is that the legal costs to chase this down are 10/20 times the value for one go. And no one can afford that.
 
But there is precedent ... and we had, once, someone threatening things and my friend, got smart, grabbed everything, and then simply gave it to the FBI ... they asked two questions and the guy was arrested 20 minutes later. That's what happens when you mess around with an admin that DOES KNOW what he is doing! Don't push the button!
 
Nowadays, many of these places and ISP's do not have one third of the security that the earlier days ISP's did ... and that guy is now on a $120k a year job ... should tell you that there is a lot that can be done, but you are looking in the wrong place! It has to start on the "inside", and those invasions are not being handled like they should by the ISP to add control.
 
There is no such thing as "invisible" in this world, and anyone, terrorist or bank robber or whatever, thinking that they can not be tracked ... is naïve! I do think, that the big issues are the big internet international transitions that do not check/mark/cover anything, and even allow an obvious spam to get through!