Stories about ransomware and malware corruption seem to be on the increase.
Are they really increasing? Or are you noticing them more? I would rather say that major attacks are declining, and are more and more focusing on companies that try to do their own IT.
They attack those who can least afford to restore from backup such as the Colonial Pipeline and hospitals. Colonial paid 4.4 million.
Which proves that Colonial was (a) incompetent since their system had enough holes to let the hackers in, and (b) incompetent because they didn't have a plan for what to do when their systems become inoperable. And that the government should supervise infrastructure that is of national importance (such as fuel pipelines), since the companies are not competent enough.
There is a story in Wired about a theft of RSA SecurID seeds from an air-gapped server. This event was blocked by non-disclosure for ten years... now we know.
We have known for the last "many" years that SecurID tokens had been cracked. I remember when suddenly they were all replaced or swept away by other technology. Furthermore, we have known since the "clipper chip" wars and the Ed Snowden disclosure that RSA (the company) was bought off by at least the US government, when they caved in to the clipper chip. And perhaps by others too. I haven't seen a SecurID in many years, nor any other RSA product in use.
EDIT: There were many stories published about that in 2011; it is possible that the full details have just become available, but "The Register" was full of this in 2011.
People continue to be sloppy with passwords. For example, "SolarWinds123". I am surprised that IT does not enforce some software discipline.
Yes, like the famous scene in Spaceballs: "12345 ... that's the same password as my luggage". No, in major companies IT first enforces reasonable passwords (no more 12345 or Password or new laptops shipping with password = New4You). And I think in the last ~10 or 15 years, I have not been able to log into my employers' systems with just a password. It takes some form of 2FA, for example a trusted laptop (serial number recorded and checked, corporate supplied) first setting up a VPN with one password, then a login with a second password. Or hardware two-factor authentication, such as fingerprint readers. For example, at one employer people were given the advice to please configure their computer with fingerprints from both hands, so if they have a minor kitchen accident and have to have band-aids on the fingertip, they can still log in.
People issues aside, I am wondering what sort of server software these malware victims are using. Windows, Linux, BSD, other...
Statistically speaking, it is 99% likely that the OS on the servers is Linux, although Windows is still used some in industrial SCADA systems. But the OS itself doesn't matter much; security is about much more than the one OS.