Using the NSA exploit EternalBlue released by the Shadow Brokers, the WannaCry ransomware developers have added their names to malware lore. Given the number of institutions hit and the amount of media generated, it seemed appropriate to show what the ransomware actually does on a system through our SandBlast Agent Forensics product.

http://blog.checkpoint.com/2017/05/16/crying-futile-sandblast-forensic-analysis-wannacry/