From The Reg [theregister.co.uk]:
Miscreants have developed the first strain of ransomware worm capable of infecting legacy systems, such as Windows XP and 2003.
The infamous WannaCry [theregister.co.uk] outbreak, which severely affected the UK's NHS, showed just how much damage ransomware can do.
Subsequent tests showed that in most cases WannaCry could only crash – rather than infect – Windows XP systems, which remained in use by the health service connected to MRI scanners and the like, despite being retired by Microsoft years ago. Extended support for Windows XP ended in April 2014.
A new version of the GandCrab [theregister.co.uk] (v4.1) ransomware has an SMB exploit spreader that works against XP and 2003, as well as later versions of Windows. It's the first ransomware to actually "support" legacy systems, according to UK infosec practitioner Kevin Beaumont.
From Kevin Beaumont's security blog [doublepulsar.com]:
For those who haven't been following GandGrab, it's a ransomware operation where people pay for the kit, and earn money by spreading it. Notably it usually only impacts organisations and people with poor security and/or security practice — e.g. people tend to embed it into keygens on BitTorrent, that sort of thing. Most antivirus software can detect it quickly.
However being able to spread without internet access and impacting legacy XP and 2003 systems suggests some older environments may end up at risk where there is poor security practice — e.g. no working antivirus software.
[...] Install patch MS17–010 [microsoft.com]. This patch is available for all operating systems — including back to Windows XP and Windows Server 2003 — since early 2017. There is no patch for Windows 2000.