Ransomware is a trickier and more common problem than state-sponsored misbehavior. There are fewer clear-cut solutions besides better security and practices on our end.
There is nothing tricky here. If organizations invest in proper security, training, and mitigating controls, the impact can be minimized if not removed altogether. The problem is that those things require money and changes to workflows and practices. Also, employees don't like to be told to do things differently or more securely because it makes work more difficult. Organizations do and spend the bare minimum it takes to get to a risk threshold that is deemed acceptable.
I have seen this my entire career and there is no end to the list of examples:
Not performing maintenance/updates because systems can't be taken offline because they lack redundancy
Not maintaining remote/air gapped backups because it is cumbersome and costs more money to store data
Not implementing safer mail security rules because it makes it harder for employees to do their jobs
Not having the control systems separated from the corporate network because it makes it harder to run the systems
Not locking down workstations...for reasons
Whatever the actual cause of the event, it was avoidable. It was a risk that they took and they paid the price ($5M?). It is also being reported that decrypting seems to be taking significantly longer than anticipated, rendering that option almost unusable. Good spend of $5M apparently. Had they spent $3M on better security practices, they could have pocketed $2M and not ended up in the news or created the fallout of dummies hoarding gas. I fully expect them to file for corporate welfare and get a nice big helping hand from the taxpayers.
As a side note, we need much more scrutiny of any organization that provides important infrastructure in this country. Just a few short months ago, the fantastic deregulated Texas electrical grid killed people and crippled a state. These providers need more oversight down to the "when did you last patch workstations?". Fuck the Libertarian "less government" bullshit.