For now, though, responders emphasize that companies and other organizations can still protect themselves. They can make ransomware less lucrative for attackers by focusing on basic security protections and tightening their defenses in fundamental ways. This not only makes it more difficult for attackers to find vulnerable targets in the first place; it can make it less likely that victims will actually need to pay a ransom to restore their services if they do get hit.

“Organizations need to get the basics right, that is absolutely critical,” Emsisoft's Callow says. “In the past, companies could often get away with having somewhat weak security, but now they can’t. They'll pay the price literally and figuratively.”