Holding a company’s data for ransom is almost entirely done for monetary gain. There are no “playful” ransomware hackers sitting in their parents’ basement looking for something to fend off boredom. They are serious, tech savvy criminals.
What can be done? Just as defending against anything else, you need strong encryption, strong passwords, no open doors, and your data must be backed up, always. In looking at cloud service providers, ask all the questions, find out how their security is set up, how have they planned for every vulnerability, do they routinely test for weaknesses, how and where is their data backed up, and how often. If you don’t ask all these questions, you will at some point wish you did.