I expect you already understand this, but to be clear: the risk appears to be that even one forgotten old server (or service) running SSLv2 can put your up to date, highly secure servers at risk (if you've shared keys between them).
To my eye, the way you've phrased it here could be read to imply "any server with SSLv2 disabled is safe". The linked report says this is incorrect, and its inaccuracy is responsible for roughly half of the vulnerabilities that they have observed.
Note that the private key isn't actually leaked (as opposed to Heartbleed), so it wouldn't be necessary to revoke the old certificate and use a new key. Rather, DROWN uses an existing SSLv2 service with the same key as an Oracle to decrypt (usually secure) TLS connections.
It's still a good idea to not share keys to limit the exposure for future attacks.
To my eye, the way you've phrased it here could be read to imply "any server with SSLv2 disabled is safe". The linked report says this is incorrect, and its inaccuracy is responsible for roughly half of the vulnerabilities that they have observed.