Incompetence.
There is simply no excuse for a modern enterprise to be affected to the extent that they have to shut down their IT operations. More than likely they have not shut down, but disconnected from the outside world while trying to affect repairs.
Still, using the technologies that are built into my storage arrays I can roll back a crypto-locker infection in a matter of minutes.
It's a shame there's not a technological solution to stupid users.
The company I worked for, had NO connection on anything that involved MONEY.
They had a web presence and the usual internal network.
They were maniacal.
Usb and other ports were filled with hot glue!
Some of the keycaps same.
A pure sneaker network.
They had a relative that was a heavy hitter in the anti malware bis, he supervised the set up.
That was years back, not sure if that works now.