WannaCry ransomware used in widespread attacks all over the world

2017-05-12 Kaspersky

https://securelist.com/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/78351/


WannaCry ransomware spread globally by exploiting SMBv2 remote code execution on unpatched Microsoft Windows systems, using the EternalBlue exploit released in the Shadow Brokers dump. Kaspersky telemetry recorded more than 45,000 attempted infections across 74 countries in the first hours, with affected organizations including Spain-based entities and UK National Health Service medical institutions. The malware encrypted a broad set of office, database, archive, email, developer, certificate, media, and virtual machine files, appended the .WCRY extension, changed the victim wallpaper, and displayed multilingual ransom instructions. Samples used Tor components for command-and-control access and listed Bitcoin wallets for payment, with ransom pressure enforced through countdown timers and price increases. The outbreak highlighted how exposed SMB services and delayed patching could turn a ransomware payload into a fast-moving global incident.

Indicators of Compromise

