If you like large post incident reviews of major ransomware incidents - there’s only a few of these - the British Library one is out now:
https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf
The long story short is they lacked resiliency, detection capability, and somebody exposed RDP to the internet for remote access for contractors.