Security experts at ProofPoint security discovered that many machines cant be infected by WannaCry because they have been already infected by Adylkuzz. The cryptocurrency miner was the first threat that used the EternalBlue exploit to trigger a vulnerability in the Server Message Block (SMB) protocol. The malware shuts down SMB networking to prevent infections with other malware. The effects of the last mass-ransomware attack could have been more severe in absence of a threat that previously exploited the same flaw. Attackers received around $43,000 in payments to three distinct Monero addresses.”]
Source: http://securityaffairs.co/wordpress/59170/malware/adylkuzz-botnet-wannacry.html