I trust that you’re monitoring anything that attempts to disable anti-malware processes? (yes, I have a solution for that)…:
[…] Also, the attackers disabled the organization’s anti-malware solution with the use of the ProcessHacker utility and changed the passwords for Active Directory servers. This leaves the victim unable to access their systems.
“This ransomware attack is the second one in the past month using the Java Runtime Engine (JRE) to execute the attack,” James McQuiggan, security awareness advocate at KnowBe4, said via email. “While initial information shows a very targeted attack, it illustrates the notion that criminal groups are seeking new ways to avoid detection once inside an organization. Disabling the anti-malware on systems reduces the chance of being discovered by monitoring system administrators before launching the JRE to encrypt the file systems.”