I’m currently working with a client at a ~5,000 seat site to combat a WannaCry ransomware outbreak. I’ve put together some draft high-level information on the malware, mitigation strategies and high-level removal guidance.
It’s really rough at the minute (I’ve been helping recover services, conducting vulnerability scans, configuring honeytraps, collecting samples, setting up sinkholes and advising on remedial strategies, so I’ve not had much time to polish this yet).
I’ll re-visit this once I’ve had more time (and sleep!)
[update 1.1 – I’ve added in network (firewall/routers/switches) ACLs as a mitigation strategy, as I’d forgotten to list this]