"It is 2020, what was the customer data and critical systems doing on Windows boxes, rather than Linux with a snapshotted file system underpinning the storage?"
In a lot of cases I'd agree with you. That would be the consequence of running a monoculture and getting phished.
However it looks as if this was the consequence of a failure to protect their VPN against intrusion and the intruders have been able to take their time. By now they'd probably have acquired admin credentials on the Linux boxes. I doubt there's anything beyond a dumb printer in there that could be trusted by now.