Some of our servers got hit with ransomware, which I uploaded to ID Ransomware. It was identified as REvil / Sodinokibi. We managed to restore the servers, but would still like to know where could have this came from and how did it spread? We do not have any Oracle WebLogic servers.