Several of my clients got Cryptolocker in 2016 but all were good with only losing a few hours of work as I spun up our backup solution. It snapshots every hour of the server and if a client gets hit with Cryptolocker, we can just roll back to a previous snapshot and run that snapshot as a virtual machine while the physical server is off. The virtual machine is THEIR server running from a couple of hours prior to getting infected so the value of OUR BACKUP IS IMMENSE! If your company is not worth $300 a month then roll on and not being protected but most companies are my client's livelihood so they understand the value in our backup.
On top of the backup we have our firewalls doing end point security so hopefully that stuff will get stopped BEFORE it ever comes into the building and that is a small monthly fee as well.
Let us know