Here’s a great “inside look” blog post by Maersk’s IAM (Identity Access Management) service owner at the time of that compromise. I imagine Honda recently went through this exercise as well, and probably still dealing with the fallout. Excellent tips on account security and privilege management from a guy who lived through the worst of it.
I was at the tail end of my consulting days when ransomware started coming on scene. Had to clean up a few of these incidents for SMB clients. Even in a relatively tiny environment it’s no fun.