It would be interesting to know what OS was compromised. My guess is Windows Server. It would help others to know the OS. If, for example, 98% of the ransomware attacks are against Windows, one could use that to make a case for migrating off Windows.