Re: several things... part #2
Umm...
I think your comment was meant for WannaCry or the initial information release of the vulnerability and subsequent MS patches.
By the time WannaCry was out we had patched our Dev/test estate and we're beginning the rollout to production. By the time NotPetya was out, we'd patched our estate and disabled SMBv1 on 90% of the estate in the 6 months since MS released the patches and WannaCry had confirmed the seriousness of the vulnerability.
NotPetya's value should have been approaching zero by the time it was released...