Falcon Report: CrowdStrike Falcon Prevents the Attack

2017-05-12 CrowdStrike

https://www.crowdstrike.com/blog/falcon-intelligence-report-wanna-ransomware-spreads-rapidly-continually-encrypts-victim-files/


CrowdStrike details the WannaCry/Wanna ransomware variant that spread widely in May 2017 by exploiting the SMB vulnerability targeted by EternalBlue to move from an initially infected host to others. The malware encrypts 177 file types, appends .wncry, continues encrypting renamed or newly created files, and presents ransom notes demanding $300 or $600 in Bitcoin. The excerpt describes service-based installation under ProgramData, execution through tasksche.exe, an SMB exploitation component gated by a kill-switch domain check, and Tor-based command-and-control used for the ransom payment flow. It also lists observed Bitcoin wallets and notes AES/RSA-based encryption, giving defenders concrete behaviors and artifacts for detection and prevention.

Indicators of Compromise

Type    Value                   First Seen   Last Seen
DOMAIN  xxlvbrloxvriy2c5.onion  2017-05-12   2021-12-02
DOMAIN  cwwnhwhlz52maqm7.onion  2017-05-12   2021-12-02
DOMAIN  gx7ekbenv2riucmf.onion  2017-05-12   2021-12-02
DOMAIN  76jdd2ir2embyv47.onion  2017-05-12   2021-12-02
DOMAIN  57g7spgrzlojinas.onion  2017-05-12   2021-12-02
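As an added example that is not from the report or from CrowdStrike's own tooling, the following Python sketch scans constructed endpoint telemetry for the behaviors and indicators summarized above: tasksche.exe executing or installed as a service under ProgramData, files renamed with the .wncry extension, and DNS lookups for the Tor C2 domains in the table. The pipe-delimited log format, the host names and the ProgramData subfolder name are assumptions made for the example.

```python
from typing import Dict, List

# Tor command-and-control domains taken from the report's IoC table.
WANNA_ONION_C2 = {
    "xxlvbrloxvriy2c5.onion", "cwwnhwhlz52maqm7.onion", "gx7ekbenv2riucmf.onion",
    "76jdd2ir2embyv47.onion", "57g7spgrzlojinas.onion",
}

# Constructed sample telemetry (assumed format: host|event_type|value).
# Host names and the ProgramData subfolder "example" are made up.
SAMPLE_EVENTS = """\
ws01|process|C:\\ProgramData\\example\\tasksche.exe
ws01|file_write|C:\\Users\\alice\\Documents\\budget.xlsx.WNCRY
ws01|file_write|C:\\Users\\alice\\Documents\\notes.txt
ws01|service_install|C:\\ProgramData\\example\\tasksche.exe
ws01|dns|gx7ekbenv2riucmf.onion
ws02|process|C:\\Windows\\System32\\svchost.exe
ws02|file_write|C:\\Users\\bob\\report.docx
"""


def classify(event_type: str, value: str) -> List[str]:
    """Return the WannaCry behaviors a single event matches (may be empty)."""
    v = value.lower()  # extension case varies in the wild, so compare case-insensitively
    hits: List[str] = []
    if event_type == "file_write" and v.endswith(".wncry"):
        hits.append("wncry_extension")
    if event_type in ("process", "service_install") and v.endswith("\\tasksche.exe"):
        hits.append("tasksche_exec" if event_type == "process" else "tasksche_service")
        if "\\programdata\\" in v:
            hits.append("programdata_path")
    if event_type == "dns" and v.rstrip(".") in WANNA_ONION_C2:
        hits.append("tor_c2_domain")
    return hits


def scan(log: str) -> Dict[str, Dict[str, int]]:
    """Count matched behaviors per host; hosts with no hits are omitted."""
    result: Dict[str, Dict[str, int]] = {}
    for line in log.splitlines():
        host, event_type, value = line.split("|", 2)
        for hit in classify(event_type, value):
            per_host = result.setdefault(host, {})
            per_host[hit] = per_host.get(hit, 0) + 1
    return result


def verdict(per_host: Dict[str, int]) -> str:
    """One behavior alone is suspicious; two or more distinct behaviors on the
    same host (e.g. .wncry writes plus a Tor C2 lookup) indicate a likely infection."""
    distinct = len(per_host)
    if distinct >= 2:
        return "likely_wannacry"
    return "suspicious" if distinct == 1 else "clean"
```

Running `scan(SAMPLE_EVENTS)` flags only ws01, where five distinct behaviors line up; the per-host counts also show the repeated ProgramData path that the service installation and the process execution share.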
