On May 12, 2017 the Check Point Incident Response Team started tracking a wide spread outbreak of the WannaCryptor ransomware. We have reports that multiple global organizations are experiencing a large scale ransomware attack which is utilizing SMB to propagate within their networks. The infection vector can present itself in multiple ways, such as a link within an email, or a link within a PDF, or as a password encrypted ZIP file which contains a PDF which starts the infection chain.

http://blog.checkpoint.com/2017/05/12/global-outbreak-wanacryptor/