The more charitable take on this is that if one system is compromised, there's a high chance others may be, so if you have safety-critical systems and you're not absolutely certain they were properly air-gapped from the compromised system, shutting them down may be the safest course of action.
In truth both factors probably played a role in this case, perhaps also with a hefty dose of "our software literally can't run if billing is down because it was never designed to handle that".
In truth both factors probably played a role in this case, perhaps also with a hefty dose of "our software literally can't run if billing is down because it was never designed to handle that".