Its not ransomware. You have a volume and you have a share. You create a folder in that share and it inherits the root permissions. The question is, if you lost access to the root, how would you for example take ownership back?
If the share = \\SVM\Users$ and you access this share, create folders here, they inherit permissions from user$. The only way I know how to change the NTFS permissions on the Users$ is to pin the folder in explorer, then I can right click it and modify the permissions. But lets say someone went in and removed my ntfs access from users$, the folder would disappear and I would not be able to even see the folder. If I try to go to \\SVM\Users$, I would get access denied. The share permissions are still intact and visible on netapp, but the ntfs permissions are now wrong and im locked out. So how can you view / take ownership back of the Users$ root folder?