And the second lesson is "avoid weak passwords". He admitted it was cracked because of a weak password.
But Backups should be everyone's first priority. I'm sure many of the ransomware victims would have simply restored their machines from backup--if only they had them!