Re: Victim of what?
Any organisation can be hit by ransomware,
But most are not badly hit. I've worked for a company with 90,000+ employees across the UK, Europe and US, with about 80-90% having a laptop or desktop. The breadth of the attack surface was immense, and this was a high profile household name with around 15m customers. We were running older versions of WIndows, crappy old browsers, but through proper planning, proper controls, proper security management the company didn't get hit by ransomware or related attacks, or rather it did, but they were ineffective, or controlled at the first point of infection.
Councils and health services have no good excuses - even if you have to run old and unpatched software, there's mitigation strategies that work. Of course, their weak excuses are still much better than those for idiots like Maersk, who have the scale, money, commercial interest to avoid this type of attack, but didn't.