In the effort of “not repeating excellent work of others” … here are two articles to help you turn off SMB 1 via Group Policy:
It doesn’t take much, and you should do it.. yesterday.
You should also start thinking about how to block attacks that users themselves (or even slightly tired IT people) can click upon and wreck their networks.
I humbly suggest you check out PolicyPak Least Privilege Manager and our SecureRun feature. Here are two videos showing you you could have prevented the attack in the firstplace: