Another solution
I have a suggestion that might help to reduce vulnerability to notPetya and similar malware, and it is to PATCH THE ETERNALBLUE VULNERABILITY ALREADY. The patch involved was released for every windows version in March of 2017, and the first time it became really obvious that that patch was important was in May. It's now been eighteen months. What excuse is there for leaving eternalBlue open for this long? Now every basic malware release uses it, because it's evidently still working. Fix it.