This question has so many answers. When do you think you where impacted? Are you maintaining logs & for how long? The infected hosts machines do you see them in the logs? I highly doubt this will help you with your ransonware issues tho and is a bunch waste of time since you do not really known the delivery method for the ransonware ( was it email, web, a infected USB drive,etc....????s )
What I would do;
I would concentrate on fixing the issues , with the big one of no end-point protection on the hosts or degraded end-points.
Review your security-policy and malware UTM fetaures
Review if your AV/MALWARE DB is upto date
Look for previous backup
Restore good backups , but only after you update the OS and endpoint protection
provide user education and training on security
You can Make a complaint to your local authtorities also but don't expect any major break or action form the law enforcement agency.
