The only thing needed to stop the spread is to disconnect the network cable. So leaving the machine on to gain a chance of recovering the prime numbers hashed to create the encryption key seems a chance worth taking.
Sorry I don't have the link to the article handy at the moment but I have been to the home page of the utility that was designed for this and can confirm this is the procedure.
Any chance you have a link for that article? That’s the opposite of our procedure (intended to stop the spread).
Subject: Re: [CRTech] The "Wannacry" ransomware attack
This is an external email. Please consider the risks before clicking links or opening attachments.
I read that if you get the Wanncry malware on your pc DON'T turn it off. Disconnect from the network as fast as you can.
They found that they can search memory (RAM) for the encryption key and decriypt. The utility looks for prime numbers in memory. If you turn it off that goes away.