My recent ransomware reports are all depressingly similar. PLEASE look to the security/patch level of edge firewall/VPN devices, send their logs to an external host for long-term storage, and make sure you have network-layer logs that show attempts to compromise these devices.