Main line of infection: vulnerable MS Windows - all of the Windows DHCP servers, Exchange servers, domain controllers & Windows network disks were hit. Entrance point as of now unknown.
Strange that I cannot get any reactions here. This just seen from the enormous engulfment of ransomware against Microsoft OS lately.
With ransomware against firms and institutions that have to pay 1% of their annual income to buy keys to unlock their encrypted data >:( like Clop ransomware, malcreated by the Russian TA505 group, that could be identified by the server and methods they used.
Microsoft is not coming up with a Fix-it for this within foreseeable time, so mitigation of this threat is far away.
Going on like this everywhere around the planet, ransomware could cost us all our free Interwebz. Is that what you are waiting for?
When the threat comes in through the mail (PHISHING - ransomware), installing DMARC would certainly help.
Europol has already advised us to implement DMARC - Domain Message Authentication Reporting & Conformance,
an email authentication protocol. A missed chance for organisations. Check: https://dmarcian.com/dmarc-inspector/
& https://dmarcian.com/phishing-scorecard/
In the recent Maastricht University Clop ransomware attack, Windows Defender Tamper Protection was not installed.
In that way Windows Defender could be stopped from functioning.
Also older versions of MBAM ransomware protection do not work to stop Clop.
MBAM version 4 is not vulnerable.