Well, I'm a sysadmin covering 3 datacenters
It can take a while--especially if you do not know where the attack is focused. Servers? Network? Storage?
Then you have to deal with and fix whatever backups may already be infected.
That covers your own site. Are there any external partners / contractors involved? Are they under attack or vulnerable? What steps do we take to correct and prevent this in the future? Merely fixing it and then restarting is not an option if the vulnerabilities remain.
Given that this is a multi-state operation, I would imagine that this is quite complicated, covering multiple organizations/govts/contractors/laws/etc.
“”the Colonial Pipeline, which shut down Friday night as a precaution to evaluate the extent of the damage.... “ How long can THAT possibly take?”
Please remember, we are having to deal with Bejing Biden, who doesn’t care at all about America or American’s.