Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: Junk Silver

Yes, clearly.

While servers, both physical and virtual, are backed up, workstations aren’t. Few companies do. Instead, they store their work-related data on network drives which are backed up with the servers. Those network drives become the pathway for infections like cryptoware to spread across an organization’s desktop and server environment. Every one of those desktops will have to be reimaged with its operating system and that takes a massive amount of time, especially if an organization isn’t running an enterprise deployment system.

Ransomware attacks come in through a number of different vectors. Hackers scan for open ports on the firewall and look for ways in. Port 3389, the default Remote Desktop port, is a common one where a hacker will run a brute-force type attack searching for a working login combination using automated bots.

Another method, the most common, is the users. They will get phished via email, click a malicious link, or go to a compromised site. Hackers will often run ops for months, gaining information on employee emails, organizational structures, etc., looking for weak points.

The bottom line, companies need to invest money in Infosec. Users need to be trained and regularly audited for good security practices, leadership needs to onboard, and services like dark web monitoring for user account information need to be invested in.

I work in infosec and most companies don’t take security seriously. If you run a business and you don’t, you’re a moron and it’s going to cost you. You either spend money now or you spend exponentially more later. It’s not some guy in a dark room hacking your network anymore. It’s one person, potentially even a team, in control of thousands of automated bots roving around the web looking for holes and gathering data on you, your network, the companies you work with, and your employees.


12 posted on 06/13/2019 8:54:59 PM PDT by drunknsage
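
Added example, not part of the post above: a small detector for the port 3389 brute-force pattern the post describes, run over constructed logon records. The record layout, threshold and window are assumptions; 4625/4624 and logon types 3/10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, simplified from Windows Security log fields:
# (time, EventID, LogonType, source IP, target user).
# 4625 = failed logon, 4624 = successful logon.
# LogonType 10 = RemoteInteractive (RDP); 3 = network, which is how RDP
# failures are often logged when Network Level Authentication is enabled.
SAMPLE = [
    ("2019-06-13 20:00:01", 4625, 3, "203.0.113.7", "administrator"),
    ("2019-06-13 20:00:05", 4625, 3, "203.0.113.7", "admin"),
    ("2019-06-13 20:00:09", 4625, 3, "203.0.113.7", "administrator"),
    ("2019-06-13 20:00:12", 4625, 10, "198.51.100.20", "jsmith"),
    ("2019-06-13 20:00:14", 4625, 3, "203.0.113.7", "backup"),
    ("2019-06-13 20:00:18", 4625, 3, "203.0.113.7", "admin"),
    ("2019-06-13 20:00:22", 4625, 3, "203.0.113.7", "backup"),
    ("2019-06-13 20:00:30", 4625, 10, "198.51.100.20", "jsmith"),
    ("2019-06-13 20:00:41", 4624, 10, "203.0.113.7", "backup"),
    ("2019-06-13 20:00:50", 4624, 10, "198.51.100.20", "jsmith"),
]
RDP_LOGON_TYPES = {3, 10}

def detect_rdp_bruteforce(records, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failed logons inside a sliding window.

    Records must be in time order. Returns {ip: {"failures", "users",
    "success_after"}}; success_after names the account that logged on from
    an already-flagged source (the guessed "working login combination").
    """
    recent = defaultdict(deque)   # ip -> (time, user) failures still in window
    alerts = {}
    for ts, event_id, logon_type, ip, user in records:
        if logon_type not in RDP_LOGON_TYPES:
            continue
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if event_id == 4625:
            q = recent[ip]
            q.append((t, user))
            while t - q[0][0] > window:      # drop failures older than window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after": None})
                a["failures"] = max(a["failures"], len(q))
                a["users"].update(u for _, u in q)
        elif event_id == 4624 and ip in alerts:
            if alerts[ip]["success_after"] is None:
                alerts[ip]["success_after"] = user   # highest-priority signal
    return alerts
```

The second source in the sample, a user mistyping a password twice before logging on, stays below the threshold and is not flagged.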


To: drunknsage


The bottom line, companies need to invest money in Infosec.

from wiki: Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks.

well, duh.


14 posted on 06/13/2019 9:22:23 PM PDT by 867V309 (Lock Her Up)

To: drunknsage

All of that, especially the comments about port 3389 and phishing, begs the question: knowing that, why would anyone expose their system to the outside internet? Did their employees complain they could not shop Amazon or surf Facebook during their breaks?


18 posted on 06/13/2019 11:33:54 PM PDT by gunsequalfreedom