One mistake, followed by another mistake, and before you know it, you’re in ransomware hell.
“The account of the late employee wasn’t shut down because various internal services had been configured to use it, presumably because the deceased had been involved in setting up those services.
If they had closed the account, it would have stopped those services from working. It appears that keeping the account going was a matter of convenience. Not good.”
I’m sure it was easier to use your own account to run a service, it’s your account after all, and it’s easier to just let that keep running with that same account than it is to take the time to reconfigure the services.
It’s all so inconvenient to redo all that work, when there are so many other issues going on at the same time. I wonder how inconvenient getting hit with ransomware was?