Surely a threat detection system can notice that a lot of files are being encrypted and pop up a warning to block that process and let you know.
So why is there no universal endpoint protection system that does this, in fact this should be baked in to the OS by now.?
I remember someone wrote a piece of software that put a honeypot file in every directory and checked them for changes. If they changes then the user account would be blocked immediately.
Hopefully a major incident like this will spur some action from someone.