How did the WannaCry ransomworm spread?
2017-05-18 • Threatdown
https://www.threatdown.com/blog/how-did-the-wannacry-ransomworm-spread/
Malwarebytes assessed that WannaCry spread as a self-propagating ransomworm rather than through a malicious email campaign. The infection path centered on scanning vulnerable public-facing SMB services, exploiting EternalBlue over TCP port 445, and using the DoublePulsar backdoor to support deployment and persistence. Packet-capture evidence included SMB traffic, Trans2 SESSION_SETUP behavior, DoublePulsar response codes, and the widely reported kill-switch domain lookup. The analysis matters because it ties WannaCry’s scale to unauthenticated network propagation and highlights patching, disabling unnecessary SMB exposure, and network segmentation as key defenses.
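The propagation pattern described above (one host sweeping many peers on TCP/445 before any file encryption is seen) is something a defender can look for in ordinary connection logs, as is the kill-switch domain lookup. The following is an added detection example, not code from the Threatdown or Malwarebytes analysis: it runs over constructed, Zeek-style connection and DNS records embedded in the file, flags any source whose distinct TCP/445 destinations within a sliding window reach a threshold, and reports queries for a kill-switch domain. The record layout, the 60-second window, the threshold of 10, and the domain name itself are assumptions; the post refers to the kill-switch domain but the summary here does not name it, so a placeholder is used.

```python
"""Flag worm-like SMB fan-out and kill-switch lookups in connection/DNS logs.

Added example, not from the original post. Log layout, thresholds and the
kill-switch domain below are assumptions for illustration.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

SMB_PORT = 445  # EternalBlue is delivered over SMB on TCP/445

# Placeholder: the real kill-switch domain is not given on this page.
KILL_SWITCH_DOMAINS = {"killswitch-domain.example"}


@dataclass(frozen=True)
class Conn:
    ts: datetime
    src: str
    dst: str
    dport: int


# Constructed sample: 10.0.0.5 sweeps twelve peers on TCP/445 in eleven
# seconds (worm-like); 10.0.0.7 revisits one file server; 10.0.0.9 touches
# three hosts minutes apart (ordinary admin activity).
SAMPLE_CONN_LOG = """\
# ts                  src       dst        dport
2017-05-12T10:00:00 10.0.0.5 10.0.1.1 445
2017-05-12T10:00:01 10.0.0.5 10.0.1.2 445
2017-05-12T10:00:02 10.0.0.5 10.0.1.3 445
2017-05-12T10:00:03 10.0.0.5 10.0.1.4 445
2017-05-12T10:00:04 10.0.0.5 10.0.1.5 445
2017-05-12T10:00:05 10.0.0.5 10.0.1.6 445
2017-05-12T10:00:06 10.0.0.5 10.0.1.7 445
2017-05-12T10:00:07 10.0.0.5 10.0.1.8 445
2017-05-12T10:00:08 10.0.0.5 10.0.1.9 445
2017-05-12T10:00:09 10.0.0.5 10.0.1.10 445
2017-05-12T10:00:10 10.0.0.5 10.0.1.11 445
2017-05-12T10:00:11 10.0.0.5 10.0.1.12 445
2017-05-12T10:00:12 10.0.0.5 10.0.1.3 445
2017-05-12T10:00:02 10.0.0.5 10.0.1.1 80
2017-05-12T10:00:03 10.0.0.7 10.0.2.50 445
2017-05-12T10:05:00 10.0.0.7 10.0.2.50 445
2017-05-12T10:00:00 10.0.0.9 10.0.3.1 445
2017-05-12T10:03:00 10.0.0.9 10.0.3.2 445
2017-05-12T10:06:00 10.0.0.9 10.0.3.3 445
"""

# Constructed DNS sample: ts src qname
SAMPLE_DNS_LOG = """\
2017-05-12T10:00:12 10.0.0.5 killswitch-domain.example.
2017-05-12T10:00:13 10.0.0.7 fileserver.corp.example
"""


def parse_conn_log(text: str) -> list[Conn]:
    """Parse whitespace-separated 'ts src dst dport' lines; '#' lines are comments."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        conns.append(Conn(datetime.fromisoformat(ts), src, dst, int(dport)))
    return conns


def smb_fanout(conns: list[Conn], window: timedelta = timedelta(seconds=60),
               threshold: int = 10) -> dict[str, int]:
    """Return {src: peak distinct TCP/445 destinations seen within `window`}
    for every source whose peak reaches `threshold`."""
    by_src: dict[str, list[Conn]] = defaultdict(list)
    for c in conns:
        if c.dport == SMB_PORT:
            by_src[c.src].append(c)
    flagged = {}
    for src, items in by_src.items():
        items.sort(key=lambda c: c.ts)
        peak = 0
        for i, start in enumerate(items):
            # Distinct destinations reached in [start.ts, start.ts + window).
            dsts = {c.dst for c in items[i:] if c.ts - start.ts < window}
            peak = max(peak, len(dsts))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def kill_switch_lookups(dns_text: str) -> list[tuple[str, str]]:
    """Return (src, qname) pairs whose query matches a kill-switch domain."""
    hits = []
    for line in dns_text.splitlines():
        if not line.strip():
            continue
        _ts, src, qname = line.split()
        name = qname.rstrip(".").lower()
        if name in KILL_SWITCH_DOMAINS:
            hits.append((src, name))
    return hits


if __name__ == "__main__":
    print("SMB fan-out:", smb_fanout(parse_conn_log(SAMPLE_CONN_LOG)))
    print("Kill-switch lookups:", kill_switch_lookups(SAMPLE_DNS_LOG))
```

The fan-out check deliberately counts distinct destinations rather than raw connection attempts, so a host hammering a single file server does not trip it, and it ignores port 80 traffic to the same peers. On real telemetry the window and threshold need tuning against legitimate scanners (vulnerability management, backup agents), which are best handled by an allow-list of known source addresses rather than by raising the threshold.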
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 186.61.18.6 | 2017-05-18 | 2017-05-18 |