its a very good security layer.
basically cryptoprevent is a frontend for the very powerful software restriction policy which itself is effectively an anti exe. Anti exe security policies tend to be a way better means of defense than traditional patching and a/v.
However since this is a worm which doesnt need a human to execute it for infection and we know it spread via SMB, I dont think SRP would have stopped it unless the original machine was infected via a human running an original binary. The NHS is very unlikely to have SMB open to the internet, so how the first machine got infected remains a curiosity of mine.
The only issue with cryptoprevent is its out of the box config uses a blacklist rather than whitelist approach (for user friendlyness), whitelisting is always more effective than blacklisting.
On my rig, any folder that can be written to by a browser cannot execute a file (via SRP), meaning there is a conundrum for malware, it may make it to the disk, but if it does it wont be able to run. I also extend this limited permissions to any folder thats writeable by any non elevated process on my entire system covering all drives. It has meant I have had to whitelist all my games/apps etc. but I feel its worth it. You can whitelist trusted certificates tho which makes it somewhat more user friendly, so e.g. whitelisting the google cert will allow any google binary to run without a specific whitelist.
Applocker which is the newer version of SRP is way more user freindly, it has a wizard you can run which will scan folders for existing programs and automatically create rules for them, however since windows 8, its on no consumer version of windows, it was useable in windows 7 ultimate.
SRP and Applocker can also block dll injection so e.g. using something like rundll32.exe to load a malware dll can also be blocked by both SRP and Applocker.
SMB can be significantly hardened tho, although I dont know if a hardened configuration would have mitigated this worm.
Typically ransomware aimed at consumers is in the form of a binary, maybe attached to an email or drive by virus in a browser.
Whilst businesses may heavily use shared network drives aka windows file sharing, and as such its clear to me this worm targeted businesses.