WANNACRY emerged on 12 May 2017, exploiting a vulnerability in the SMBv1 protocol of Microsoft Windows (CVE-2017-0144, aka EternalBlue) and was later addressed by the MS17-010 patch in March 2017. The attack spread as a worm, able to propagate autonomously across networks and encrypt files, with victims asked to pay a Bitcoin ransom that started relatively low but increased over time.
It infected over 200,000 systems in more than 150 countries within hours, hitting the United Kingdom and Spain among others and causing particular disruption to British hospital IT systems and Spanish telecommunications networks. The exploit was reportedly derived from offensive tools attributed to the NSA and leaked by the Shadow Brokers, rather than being developed by conventional cybercriminals.
A notable moment in the incident was the accidental discovery of a kill switch by security researcher Marcus Hutchins, which slowed the spread. Subsequent investigations attributed the attack to Lazarus Group-linked actors, underscoring geopolitical as well as criminal dimensions of the event.