I am not exactly sure what dark powers the US government was using to force people to leave 3389 on public-facing IPs. I thought the CIA mind control experiments failed.
According to CERT [0], the original infection vector is still unclear but possibly phishing; however, once a computer is infected, any vulnerable machines on the local network are targets.
Yep, too many companies still use the ring-fence approach to security; in a day when mobile devices and laptops are moving all the time, this is very, very, very bad.
All it takes is one infected machine to get behind the perimeter defenses and it is game over.
[0] https://www.us-cert.gov/ncas/alerts/TA17-132A
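The concrete check behind this thread is "which hosts answer on the ports in question". Below is an added example, not code from the thread or from the CERT alert: a small inventory scanner that walks a network range and reports hosts that accept a TCP connection on 3389 (the RDP port the first comment mentions) and 445 (the SMB port the alert cited in [0] ties WannaCry's lateral movement to). Run from outside against your public range it answers the "3389 on public-facing IPs" question; run from inside against a LAN segment it shows what an infected machine would reach. The CIDR 192.0.2.0/28 and the hosts in the comments are constructed (TEST-NET-1 is never routable); the `probe` function is injectable so the logic can be exercised offline.

```python
"""Inventory hosts on a network range that answer on ports such as 3389 (RDP)
and 445 (SMB).  Added example for this thread; not code from the thread or
from the CERT alert.  The sample CIDR 192.0.2.0/28 is a constructed,
non-routable range (TEST-NET-1) used only for illustration."""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Iterable, List, Tuple

# 445: SMB, the lateral-movement path the alert describes.
# 3389: RDP, the port the first comment complains is left public-facing.
DEFAULT_PORTS = (445, 3389)


def tcp_probe(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP connect to host:port completes within timeout.

    A completed handshake is enough for this inventory: it means a firewall
    between us and the host is not blocking the port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def find_exposed(cidr: str,
                 ports: Iterable[int] = DEFAULT_PORTS,
                 probe: Callable[[str, int], bool] = tcp_probe,
                 workers: int = 64) -> List[Tuple[str, int]]:
    """Return sorted (host, port) pairs where the probe succeeded.

    `probe` defaults to a real TCP connect; tests inject a fake so the
    scan logic runs without a network."""
    net = ipaddress.ip_network(cidr, strict=False)
    targets = [(str(h), p) for h in net.hosts() for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda t: (t, probe(*t)), targets))
    exposed = [t for t, is_open in results if is_open]
    # Sort numerically by address, then by port, not lexically by string.
    return sorted(exposed, key=lambda t: (ipaddress.ip_address(t[0]), t[1]))


def summarize(exposed: List[Tuple[str, int]]) -> dict:
    """Count exposed listeners per port, e.g. {445: 3, 3389: 1}."""
    counts: dict = {}
    for _, port in exposed:
        counts[port] = counts.get(port, 0) + 1
    return counts


if __name__ == "__main__":
    import sys
    cidr = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.0/28"
    hits = find_exposed(cidr)
    for host, port in hits:
        print(f"{host}:{port} reachable")
    print("per-port totals:", summarize(hits))
```

A host that shows up here with 445 reachable from an arbitrary workstation VLAN is exactly the "one infected machine and it is game over" case the last comment describes; the fix is host firewalls and segmentation, not a stronger perimeter.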