It doesn’t have to be elaborate. When you upgrade, keep one old machine tucked under your desk, or in the basement, where you can power it up if you have to fall back on it. Power it up from time to time to make sure it still works. That’s the main function my ancient Asus motherboard/Quantum hard drive combination serves these days.
PC Mag has some advice about ransomware. The most important bit of advice is to have a secondary machine that you can use to go get help.
Your secondary machine doesn’t necessarily have to even be an old PC, if you already discarded that one. It could be a smartphone, if you have one. In an emergency, it’s enough to pull up a web page with cleanup instructions. A tablet would be better still, since even a 7-inch tablet is more comfortable to type on than a 4-inch smartphone screen.
A PC is more versatile, of course, since you can easily download and burn a live CD with it, or download removal tools and write them to a thumb drive to use to fix the infected PC. It’s certainly possible to do that with Android, but the process to do that with a PC is more familiar. And I’ll dare say that someone who doesn’t have a four-year-old PC in the basement is less likely to have the adapters necessary to connect a thumb drive to an Android tablet. It seems like a pretty safe bet to me.
All that said, there’s no harm at all in being proactive. Burn a Bitdefender live CD. Get a couple of cheap thumbdrives, and write Bitdefender on one of them, and Windows Medkit and Malwarebytes, at minimum, to the other. Label the drives and put them in your desk drawer for the time you need them. Because if you don’t need them for your own PC, it’s only a matter of time before you’ll need them for a friend’s PC.