*Nelson* Ha Ha...
I mean seriously, to be hit with Ransomware and to have that an effect on your production systems you must have been violating "best practices" a _LOT_.
It's not like such a thing or the cheap mitigations against it are new. Simply splitting your network and limiting what your clients have access to can bring a lot of additional security while only costing a few Euros per department.
If I was in the IT department of that company, I'd quickly try my best to fake notes I sent upstream to warn about this.