It appears the PGA was hacked and fell victim to a ransomware attack. According to some reports, attackers used BitPaymer Ransomware. As a result, attackers can hack into remote desktop services connected to the internet.
If I have said it once I have said it a hundred times: Do not allow Remote Desktop Services to connect into your network from the internet.
Utilize a more secure remote access application. Also, incorporate two-factor authentication and regular password changes into your process.