WantToCry ransomware remotely encrypts files
ID: 1fb77eff-b2fd-5d22-90d6-da65afc33496
STIX ID: report--1fb77eff-b2fd-5d22-90d6-da65afc33496
Feed Name: Sophos Blogs
SophosLabs describes the WantToCry ransomware campaign, which scans for internet-exposed SMB services, brute-forces weak credentials, exfiltrates files to attacker-controlled infrastructure for remote encryption, then writes the encrypted files back to victim hosts and drops ransom notes. The report includes observed IPs and hostnames, detection challenges (no local malware execution), and recommended mitigations (block inbound SMB, disable SMBv1, monitor SMB activity).
