The attack was carried out by the gang behind Ragnar Locker, who break into company networks, make themselves admins, conduct reconnaissance, delete backups and deploy ransomware manually, before demanding multi-million dollar ransoms.
“Delete backups…” ???? If you hold your backups on the same network as your production segment, and you lose that….. fill in the blanks. There’s something VERY wrong with this approach. All backups should be decentralised and held offsite.