You've probably heard about the the latest outbreak of the 'Petya' ransomware. Like WannaCry, this is a worm-enabled ransomware, so it can spread across your network to infect other machines. It sounds like 'Petya' not only encrypts files, but also uses mimikatz to steal administrative credentials as well.
Links are below to more information, but here are the quick hitters:
- Make sure all your systems have the MS17-010 patch applied. (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx)
- Disable SMBv1 where possible
- Block outside access (firewall) to the following ports: 137, 138, 139 and 445
- Remove administrative access where not needed (like 99% of your users on their workstations)
- Have good, offline backups
- Train users to not folllow links or open attachments in emails they are not suspecting or look suspicious
Krebs: https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/
The Register: https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/