If you were able to track it down. Was it an employee clicking on an email link or something else. The one we had a few years ago was a secretary falling for a phishing email, but it really only affected her stuff and I was able to recover most of it so it wasn't too bad.