I was working when my boss called and reported a ransomeware attack!
We were lucky, as we had our honeypot memory-dump during attack. Well, not as lucky as others who are not victims!

Hint: Murphy's law on memory forensics: If you start looking for encrypted files from the beginning of the malware memory, you'll end up finding them at the end of it :)