Use of SMBv1 for XP compat may be at the core
Since the VM is (apparently) running a version of Windowx XP, I have to wonder whether or not the BLOCKING of SMBv1 would stop it dead in its tracks?
SMBv1 is known to have serious vulnerabilities due to weak encryption. In every version of windows since Vista it should be possible to turn SMBv1 compatibility OFF [and this includes any Samba servers or NAS drives]. Unless you need to run XP machines on your network with file sharing enabled, it's probably a good idea to do this anyway.
I would be interested, though, in knowing whether "disable SMBv1" is a possible mitigation for this ransomware.