To sysadmins stressing out on their friday evening with unpatched systems.
Quick workaround to mitigate the attack to give you time to patch (we know, 24/7, understaffed, shitty patch OTAP...). Below is a quick workaround to almost certainly stop this attack for now. Please update asap after this. No warranty, use at own risk, etc.
Disable smbv1 in Windows 7/2008R2 or higher
Or alternatively:
Source: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
For client operating systems:
For server operating systems: * Open Server Manager and then click the Manage menu and select Remove Roles and Features. * In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window. * Restart the system.
PS Warning, some old software relies on smbv1 (oldschool file sharing) and can break. Apps from the late 90s for example that requires Opportunistic locks.