Defenders beware: A case for post-ransomware investigations