I mentioned this ransomware incident the other day, but now Catalin Cimpanu has a really good article with a lot of detail about the ransomware, the ransom demands, etc. You can read his report on BleepingComputer.
Catalin’s article answers one question I had posed about the NHS Lanarkshire incident – the ransomware is believed to be installed by attackers who perform brute-force attacks on exposed RDP endpoints, then move laterally through the network and install Bit Paymer manually on each compromised system.