Ransomware itself typical
The actual ransomware component is not all that remarkable: it does what ransomware does, encrypting a wide range of files and insistently demanding a ransom to be paid in bitcoins. Here is a list of some of the files it encrypts.
Expect more of the same to come
What we have seen to date is likely only the beginning. Expect new variants of this threat to emerge quickly. These are likely to have different killswitch domains or no killswitch domains at all. Note that even if you have patched your systems, it may still be possible to be impacted by the WannaCry ransomware itself if it is spread via email or the web in the future. However, if you are up to date with patches and have taken some of the mitigation steps below, the impact and spread should be well contained.
* If you haven’t done so already, patch the vulnerability (see MS17-010) on all systems!
* Double-check that AV is up to date with the latest signatures
* Don’t block the known killswitch domains at your gateway
* Consider disabling SMBv1 traffic in your LAN
* Block port 445 SMB traffic at your border firewall
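
For the SMBv1 step in the list above, an added example that is not from the original post: a PowerShell function that reports whether the SMBv1 server is enabled on a host and which clients still use it, and disables it only when asked and no SMBv1 session is open. It assumes Windows 8 / Server 2012 or later and an elevated session; the function name `Test-Smb1Exposure` is hypothetical.

```powershell
# Added example, not from the original post. Assumes Windows 8 / Server 2012
# or later and an elevated PowerShell session. Function name is hypothetical.
function Test-Smb1Exposure {
    param([switch]$Disable)   # without -Disable the function only reports

    $server = Get-SmbServerConfiguration

    # Sessions currently negotiated with a dialect starting with "1.":
    # these clients would lose access if SMBv1 were switched off.
    $legacy = @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' })

    # Is anything on this host listening for SMB on TCP 445 at all?
    $listener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue

    $report = [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb1SessionsNow   = $legacy.Count
        Smb1Clients       = ($legacy.ClientComputerName | Sort-Object -Unique) -join ', '
        Port445Listening  = [bool]$listener
    }

    if ($Disable -and $server.EnableSMB1Protocol) {
        if ($legacy.Count -gt 0) {
            # Do not cut off clients silently; list them so they can be fixed first.
            Write-Warning "SMBv1 still in use by: $($report.Smb1Clients). Not disabling."
        }
        else {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            # Re-read the setting so the report reflects the actual state.
            $report.Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        }
    }

    $report
}

# Report only:          Test-Smb1Exposure
# Report and disable:   Test-Smb1Exposure -Disable
```

The session check only sees clients connected at the moment it runs, so run the report-only form at several times of day before disabling.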