If you don’t care about security, the bad guys care about you
Internet facing RDP... Jesus. I love it when you find it on jobs. It’s an easy win. It’s insane that people don’t put it behind a VPN (that requires MFA).
Ofc that alone isn’t a fix for ransomware. There is no single fix, which is why companies keep getting reamed. They’d evidently rather risk paying millions than definitely spend money avoiding the risk, even if it basically guarantees they won’t be badly affected. It’s 100% the board’s fault. They could force a change, but costs reduce their dividends. Better to risk it and make secret payments to the criminals if you get hit rather than reduce your take home pay innit?
The fix? Nothing new or exciting. Regular, tested off-site backups, maintain a register of installed software and audit it regularly, patch regularly, MFA for all sensitive services and accounts etc.