The WannaCry, WCry and WanaCrypt ransomware exploded onto the ransomware scene on May 12, 2017, with a mass campaign impacting organizations in many countries. CrowdStrike Falcon Prevent offers protection for this variant through two types of coverage. Wanna continues to encrypt victim files following any name changes, and any new files created following infection. A ransom note is displayed on the victim machine, which is completed using text from a library of Rich Text Format (RTF) files, in multiple languages and chosen based on machine location. The decryption software shows one of three possible Bitcoin wallet addresses.”]
Source: https://www.cuinfosecurity.com/blogs/inside-wannacry-ransomware-outbreak-p-2483