Forum Discussion
How to recover from a ransomware attack that encrypts files on SharePoint
Hi all:
I work for a small organization that relies on Office 365 SharePoint sites. All 20 users have 365 for business licenses. I have my team set up using OneDrive, syncing the SharePoint sites to File Explorer locally. They can navigate our SharePoint sites in File Explorer, and it looks to them like they are just using their local drive. So what happens when a user gets a cryptovirus that rolls through their local SharePoint folder, and this syncs up to the SharePoint site, and now all of the files there are encrypted? I have been reading through Microsoft's mitigation and recovery measures. I understand how a user can go back in time and recover their entire OneDrive from a ransomware attack. However, I cannot find how I, as the SharePoint Office 365 admin, can do a similar restore. Versioning is turned on and I can restore individual files. What I don't see are the controls for a SharePoint site that would allow me to do a similar mass restore from a previous point in time. Can someone point me to where this is documented?