So, how is it possible that an employee (even an IT administrator) clicking on an executable attachment can somehow wipe out the bulk of the organization's databases, network file shares, and backups? Ransomware is essentially a form of trojan program that runs on the user's desktop, and it only has access to those resources that the user would have. This underscores the need for implementing better user account least privilege polices, desktop access controls, and email attachment protection.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho