This suggests the attackers used a double extortion strategy: not only locking files with encryption but also stealing sensitive data to pressure victims into paying a ransom.
Pretty much. The ransom is noticeably low, however. The attackers' goal could be interpreted in several ways due to what was accessed and what was demanded.