So let's recap recent ransomware attacks origin:
- vulnerable assets exposed to the internet compromised because unpatched
- compromised VPN account without MFA
- compromised workstations by third party malware (emotet / bazar...)
Reminder: no 0-day, no mystery just that !