It appears the PGA was hacked and fell victim to a ransomware attack. According to some reports, attackers used BitPaymer Ransomeware. This allows attackers to hack into remote desktop services connected to the internet.
If I have said it once I have said it a hundred times: Do not allow Remote Desktop Services to connect into your network from the internet.
Utilize a more secure remote access application. Also, two-factor authentication and regular password changes should be incorporated into your process.