I have no idea why some of this stuff is online in the first place - so you can open a valve from your desk?
Its not that the control systems are directly accessible.
Rather the monitoring is fed out to regular systems.
Once
that network goes down, the whole thing needs to be taken offline, until it can be recovered from a backup, or a full reinstall. Which is NOT trivial.
Things need to be brought back online in a specific order.
Assuming there exists a proper backup scenario, and detailed, tested checklist of how to restart.
2-3 days of downtime while everything is restarted == potential millions of $$.
The question is - How did this ransomware get into the network to begin with?
It does NOT happen randomly or via a driveby...some idiot opened something he shouldn't, or brought some crap from home.