An org hit by ransomware is telling me the threat actor got in via WS_FTP, for infos, so you might want to prioritise patching that. #threatintel