> Take it further - NHS owned DR DCs, with a ("secure") warm copy of a hospitals data, copied over fat pipes, fast enough for staff to use the DR systems remotely when their local system is down? When disaster strikes a hospital, just connect the data disks to a suitably powerful system and boot it. I don't know if it's practical, original, or even useful in this scenario, but I'll risk the derision and downvotes because it might just spark a better idea in someone.
In this case it would have been largely pointless, because if the main system got infected then there's nothing to stop your DR system getting infected as soon as you spin it up, unless you spun it up on an isolation network (e.g. on an entirely different VLAN to anything in your live systems) and manually joined cleansed clients to it one by one.
One possible solution might be a DC on a different operating system entirely (there are several Linux solutions that can act as a secondary Windows DC and at least one that can be a PDC) that wouldn't have been susceptible to WCry - to allow more vital software processes or any uncompromised clients such as firmware-based hospital equipment to still have *something* to talk back to and authenticate against.
Biting the hand that feeds IT
