A major ransomware attack has affected many organizations across the world including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware responsible for this attack is a ransomware variant known as ‘WannaCry’ The malware then has the capability to scan heavily over TCP port 445 (Server Message Block/SMB), spreading similar to a worm, compromising hosts, encrypting files stored on them then demanding a ransom payment in the form of Bitcoin. This is the cause of the worm-like activity that has been widely observed across the internet.”]
Source: https://blog.talosintelligence.com/2017/05/wannacry.html