FireEye describes WannaCry, also called WCry or WanaCryptor, as a self-propagating ransomware family that spread internally and across the internet by exploiting the MS17-010 SMB vulnerability with EternalBlue. The malware combined a ransomware component with a propagation component, encrypted files with the .WCRY extension, dropped a decryptor, demanded Bitcoin payment, and used encrypted Tor channels for command-and-control. Persistence artifacts included Run keys and services such as mssecsvc.exe and tasksche.exe, while destructive recovery-inhibition commands deleted shadow copies and backup catalogs. Its spreader enumerated local subnets, attempted connections to port 445, and launched exploitation threads against reachable SMB services, with a kill-switch domain determining whether installation and encryption continued.