Yeah I'm pretty sure that is the case. They would have to be on your network to be able to hit your server or other PCs. This whole thing seems odd to me because if they are just brute forcing logins to get in via RDP just to install the software, they are going about it in a really hard way. By default RDP is disabled on windows PCs and most non tech people don't even realize it exists. You then have to turn it on AND disable windows firewall or add rules to allow it.
Then to make it available via the internet you have to open it in your firewall and NAT it to the server/computer you want. Again, something your average person would have no clue how to do nor even understand the process. Then to top it all off, they would have to find that specific public IP to hit then brute force the login. Plus there may be a chance the account isn't even a local admin or have the privelages to install software. This seems very inprobable to use as a method to install the ransomware vs other methods like just tricking the person or dumping the software online as something its not (pirated software, fake drivers, etc.)