Mirroring or replicating the data isn’t necessarily going to help–they’ve presumably been replicating the encrypted data since they were compromised. Replicating the data to another site protects them from issues at one site (such as catastrophic failure of the storage array), not problems with the data itself. It also allows them to switch quickly over to the second data center in case of disaster.
Depending on what they’re using for storage, local snapshots might have helped (depending on how long they keep them). I’ve known a couple of organizations who got themselves out of trouble that way. If they don’t have snapshots or they don’t go back far enough, then they’re stuck restoring from backups.
The fun part was figuring out how they were compromised so it didn’t happen again immediately afterwards.
