If I thought I could get away with it, I would use a small-machine version of OpenVMS. In over 40 years, it has NEVER been hacked and CANNOT be hacked using "normal" network-based hacks. It has other flaws but is absolutely not susceptible to buffer overrun attacks. You also can't kill the O/S with other kinds of hacks such as code injection through certain buffers (other than overrun injection) though you can kill your own process with a good enough hack. But the problem, of course, is that not all popular utilities will run on it. It is also approaching end of life.
Unfortunately, a VM is not an ironclad safeguard. We had about 1000 servers running on a few VM servers with the Navy Enterprise Data Center in New Orleans and they were the subject of security patch notices all of the time. Not very many, but absolutely not zero. We ALSO got many UNIX-family patches including Linux.
The WannaCry worm might not affect VM or Linux right now, but I'm not holding my breath on that.
On the other hand, I read an article in the last couple of days that says WannaCry might be coming from North Korean hackers. Considering how strapped for cash DPRK has been, I wouldn't put it past them. If we could prove it, it would be time for someone to visit their borders and cut their wires.