OK, yet another example of a media report that doesn't know what it's talking about.
"Software virus"? That's redundant. (I am willing to withdraw my objection when somebody shows me a hardware virus.)
Given the (minimal) information provided in this report, I strongly suspect ransomware.
This article on Darkreading.com mentions that it might have involved exploitation of a vulnerability in Pulse Secure --- used for VPNs --- being exploited.
(The vulnerability was announced last year)