The WannaCry wave is not over. some even talk about a newer version that seems to have another password an doesn’t use the known kill-switch. But it looks like these derivates are using the same way (SMBv1 Vulnerability) to redistribute there self.
And another thing to keep in mind: The attack happened on the weekend… Many computers in big companies might be turned of. What if they are turned on on Monday, in a network where already infected computers are?
Not patching a system and even leave SMBv1 turned on is a big risk. In my opinion to many companies ignored the well known Vulnerability. Even worst if you think you shouldn’t do something now!
If you really need SMBv1, I had a very old NAS Server that only support it, please do yourself a favor and patch you systems. All of them! And you really should think about an alternative, by dropping such old devices.
I still see much more Netbios traffic on our external Firewalls since the WannaCry wave started. Even now. The traffic is still about 20% higher then normal. And I doesn’t even understand why there is any Netbios traffic on the Internet! Every well configured firewall should block it, in booth directions!
My advice is crystal clear: Check all your systems and patch all of them!
The reason why guys like me posted all the stuff over the weekend, even after the Kill-Switch was announced!