My tuppence worth (as everyone else has their opinion, why not add mine) :D
For what it's worth, here's my take on this (and all the other instances where some virus has trashed a network).
Most viruses arrive by email, generally spoofed messages either purporting to come from another user inside the network, or from a trusted external contact. The user then opens the message, then the attachment (or clicks the link), and then allows the attachment to run macros. This then allows the malware to download the nasty bit of itself, and possibly contact the command and control network.
The nasty stuff then starts encrypting files on the servers - and on the local PC. It will open every drive that the user has mapped, and will create an encrypted version of every file it can see, before deleting the original. Some variants (like this one) will also seek out all other machines on the network to infect them.
So, how do we stop this from happening? Or at least slow down the spread when it does hit, or limit its effectiveness when it arrives.
1. Educate the users so that they stop blindly opening any and all emails they receive.
2. Stop users from treating their work computers like their home PCs - they are not, they are for business use only, but people are very rarely held responsible for the state of their computer, and the higher up they are, the less likely they are to be held accountable.
3. Have working email filters that can identify internal email addresses and reject them as spam (spoofed). Also some external email scanning to remove spam and viruses before it even hits the perimeter of the network.
4. Use file filters to prevent the malware from creating its encrypted version of the file - this stops it from deleting the original. The desktop might be infected, but as long as the file servers are OK, all user data should be safe. It would actually be better to have a file filter that only allows specific file types to be saved to the server, but I am not aware of any way to do that at the moment.
5. Stop using a single AV product across an organisation. There should be one (or more) AV engines scanning emails coming in, a second in use on client desktops, and a third for the servers.
6. Currently the UK compliance rules (well known) are that all critical and security patches released by vendors should be installed within 3 months - this is too long (as proven here). But everyone in IT is well aware that if they install a patch and something breaks, they get the blame - so there is reluctance to force the issue, instead they use staged patching and try and limit any blame they might get.
7. Stop using out of date Operating Systems - the excuse about testing software for compatibility only holds up for so long - Windows 7 is reaching end of life, and many organisations have not even started testing that their software works on Windows 8, never mind 8.1 or 10, and to still be using Windows XP is poor.
8. Stop having non-technical people making decisions about technology. Put some qualified people in place and give them the authority and budget they need to put proper controls in place, back them up in their decisions, and test it properly to make sure that it meets (or exceeds) their designs.
9. Ensure that your internet connection is not allowing malware to come down - perhaps by limiting file downloads to only a few approved users or computers.
10. Use firewalls on local machines - they are often turned off, or opened to the point of uselessness simply to make life easier for everyone.
11. As one person found out, the original variant stopped when it attempted to contact a specific web address and got a response - this could be fairly simple: configure your network so that all unidentified URLs receive a response from a specific internal web server - as the malware gets a response, it exits. And if a user goes to an invalid URL, they will see a web site advising them what they did wrong - it becomes a win/win. (Implementation may be difficult to accomplish in some environments.)
12. If for some reason you cannot replace an out of date computer - and yes, there are valid reasons to retain old OSes - then either air-gap it from the network, or put it on a very secure locked down network with very limited access to and from it. If it's important enough, then you want to do everything possible to reduce the chance that it could be affected (maybe also look at installing some sort of Deep Freeze software on it to try and reduce the time required to get it back to original configuration).
13. Have the separate teams work together to put in place effective strategies and solutions - rather than each team being responsible for only their small bit of the puzzle - this often means that things don't interact well and less than optimal decisions are often forced in place.
There are other things that could also be done to help limit the effectiveness of malware - nothing will ever truly kill it off.
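One way to implement the server-side file filter from point 4 on a Windows file server, as an added example that is not part of the original post: a File Server Resource Manager (FSRM) file screen that refuses writes of files matching known ransomware naming patterns and logs the offending user and path. It assumes Windows Server 2012 R2 or later with the FSRM role available, shares living under D:\Shares, and a constructed sample pattern list (not an authoritative feed).

```powershell
# Added example, not the poster's own configuration. Run in an elevated session
# on the file server. Paths and patterns below are assumptions / constructed.

# 1. Install FSRM once (no-op if already present).
Install-WindowsFeature FS-Resource-Manager -IncludeManagementTools

# 2. File group: the naming patterns the screen should refuse. Constructed
#    sample; replace with the extensions and ransom-note names from your own
#    threat intel feed and keep it current.
$patterns = @(
    "*.wncry", "*.wnry", "*.locky", "*.crypt",   # sample encrypted-file extensions
    "*decrypt*instructions*.txt",                # typical ransom-note names
    "*how_to_recover*"
)
$group = New-FsrmFileGroup -Name "Ransomware artefacts" `
    -IncludePattern $patterns `
    -Description "Patterns refused by the anti-ransomware file screen"

# 3. Notification: write a Warning to the FSRM event log so the SIEM sees who
#    tried to write what, where. [Source Io Owner] etc. are FSRM variables.
$logAction = New-FsrmAction -Type Event -EventType Warning `
    -Body "Blocked write of [Source File Path] by [Source Io Owner] under [File Screen Path]"

# 4. Active screen on the share root. 'Active' means the write is denied, not
#    just reported; drop -Active to run in monitor-only mode first.
New-FsrmFileScreen -Path "D:\Shares" `
    -IncludeGroup $group.Name `
    -Notification $logAction `
    -Active `
    -Description "Refuse ransomware-named files; see FSRM event log"

# 5. Verify the screen is in place and active.
Get-FsrmFileScreen -Path "D:\Shares" | Format-List Path, Active, IncludeGroup

# 6. Refresh the pattern list later without recreating the screen.
# Set-FsrmFileGroup -Name "Ransomware artefacts" -IncludePattern ($patterns + "*.newext")
```

From a client, an attempt such as `New-Item \\server\Shares\test.wncry` should now fail with access denied and produce the event. The screen matches on file name only, so a variant that keeps the original extension and overwrites in place is not stopped by it; treat it as one layer alongside backups and the desktop controls above.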