I imagine you already know, by now, of the WannaCry ransomware that spreads using the SMB1 file sharing protocol in Windows, XP through 7.
Yes, I said XP. MS have even issued a patch for it (thereby proving themselves to be ransomware merchants of a kind too). Whatever version of Windows you own, patch it, if you haven't yet.
The vulnerability exploited came from the NSA, and was in the Shadow Brokers dump. Ransomware, once implanted using this vector, encrypts your stuff and demands payment. MS made patches available before the vulnerability hit, so any sensible person won't have been infected, but this was still immensely damaging, including to the NHS in the UK (which our Tory government is busily trying to sabotage through underfunding, for ideological reasons). And yes, the NHS was, in part, still dependent on XP, and the trusts had not renewed their XP agreements. I do believe the security argument for moving on is thus definitely proved.
Yet, between the NSA hoarding secret vulnerabilities, the government always blaming the attacker and not the incompetent victim, the radical market fundamentalism of governments, security professionals and the software industry who refuse to raise the bar for secure coding and endorse full disclosure but instead make real money from the vulnerabilities in software, Microsoft's own private agreements which they knew must have been necessary but which people did not benefit from without large sums of money until it was far too late, and just plain incompetence and stupidity, this is a sad story to behold. For God's sake, patch.