Re: Another theory
I think you're all forgetting:
Computer viruses were around for many decades, and very destructive - just like this incident - for decades before they started being used to make money. People, skilled people, were writing programs and deliberately spreading them for no other reason than to destroy other people's data "because", profiting literally nothing from it at all, and unleashing them on the world rather than just one person's computer.
The motive can be simply "To prove I can". "To show them they don't have security". Or even "Because then they'll hopefully buck their ideas up".
Look at any proof-of-concept code for a recent hack and you'll find people trading it online with their own twist, and they will have a cadre of "budding" virus-writers describing how they used it "for lolz" just to try to gain reputation.
There are people in this world who will happily call in SWAT teams, waste the emergency services time (e.g. things like fire brigades just to throw stones at them when they arrive) or - as one kid did in my road many years ago - pull down their pants, crap in their hand, and smear it over the only phonebox.
There doesn't need to be a motive, if you're only doing it "for a laugh". And it doesn't need to be for a serious purpose for someone to plan such things.
You probably find that someone ran an automated tool (or even bought an automated cloud-based hacking service! They exist!), it got them a shell on a remote system that they had no idea what it even was, and then they went on IRC and asked "What should I run?" and someone copy/pasted a line to blank their hard drives, and they all had a good laugh.
Again - their motivation is neither here nor there... it could be a targeted internal attack, an external random automated script, a slip of a finger by an authorised admin, or some kids playing games... it literally does not matter. What matters is that it should not be possible. Which is why - rather than rely on "detecting" whether the kids do these things, or working out their attacker's motive - it's also better, and necessary, to just make sure they aren't possible in the first place.