More on this:
As the article mentions, due to the nature of this hack, with wiping of MBR and overwriting of files on all drives a part of the hack, forensic recovery is most likely impossible. At the same time all logins are being exposed so they could hardly even restart this network if they want to.
Even the author asks: “So, how does a company recover? Burn whatever’s left and build something entirely new and different?” - I'd say it would be worth investigating. This could really be the case use example for a safe approach. But it will rely on the encryption of safe being exceptional also.
Of course, since RSA was part of the encryption suite they used, and this has already been shown to be broken by Snowden and others (the Boeing hack), they had already made some bad decisions.
As the security designed by the homeland evolves, this almost looks like the first corporate espionage attack; it may even have been sanctioned. No other reason to make such effort to destroy the network.