Perhaps there is a subtlety I have missed, but if the original vulnerability is not fixed, no amount of restoring backup copies is going to allow your users to consistently access their data. A vulnerable system will inevitably be attacked in exactly the same way, particularly if the hacker is keeping a log of which systems have been compromised but not unlocked online.