Hello - this is exactly what I am working on - Citrix is just a legacy situation (I suppose like Novell was years ago). It works for us and we aren't really big enough or well-off enough to make renewing all our software worthwhile. And certainly not to pay a ransom...
The ransomware got in owing to total stupidity on my behalf. Having run things perfectly for 15 + years in a momentary aberration I opened a port (1494 - Citrix) some time last year. What's worse, when I discovered the issue, I didn't immediately pull the plug on the VMs and remove the network adapters so the contagion spread and many back up sets were encrypted. Fortunately I keep copies off the network and fortunately there has been little if any activity in the last months thanks to covid-19