Wcry Ransomware Spread Across the Internet

The first worrying sign of the Wcry worm came when it attacked health care facilities in the U.K. They had to turn patients away and direct them to another hospital. Then an ISP in Spain was attacked too. The worm encrypts and locks your data and demands payment before it will decrypt it.

Wcry attacks a vulnerability in Windows that was known to the NSA, which deliberately kept it a secret. Wcry was stopped dead by a happy accident. A malware researcher who was analysing the attack found a subroutine that makes an HTTP request to an unregistered domain. He registered that domain and pointed it at a prepared sinkhole; the researcher already had infrastructure in place to trap malware like this. The subroutine exits once it finds the domain registered, so it is basically a kill switch.
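For defenders, the kill switch doubles as an infection indicator: any internal host that looks up that domain is running the worm. The script below is an added example, not part of the original post. It triages resolver logs on that basis, assuming a simple four-field log format, a placeholder domain name (the post does not give the real one), and that a successful lookup stands in for the HTTP check succeeding.

```python
from collections import defaultdict

# Placeholder: the post does not name the domain; substitute the published one.
KILLSWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log: "<timestamp> <client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
2017-05-12T15:01:07Z 10.0.4.21 killswitch-placeholder.example. NXDOMAIN
2017-05-12T15:09:44Z 10.0.4.37 www.example.org. NOERROR
2017-05-12T17:30:12Z 10.0.7.5 KILLSWITCH-PLACEHOLDER.example. NOERROR
2017-05-12T17:31:50Z 10.0.4.21 killswitch-placeholder.example. NOERROR
malformed line
2017-05-12T18:02:03Z 10.0.9.9 killswitch-placeholder.example. REFUSED
"""


def triage(log_text, domain=KILLSWITCH_DOMAIN):
    """Map each client that queried the kill-switch domain to a verdict.

    switch_fired  - every lookup resolved, so the subroutine should have exited
    switch_failed - no lookup resolved, so the worm kept running (isolate first)
    mixed         - at least one run happened before the domain resolved
    """
    domain = domain.lower().rstrip(".")
    outcomes = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:          # skip malformed or truncated records
            continue
        _ts, client, qname, rcode = parts
        # DNS names are case-insensitive and may carry a trailing root dot.
        if qname.lower().rstrip(".") != domain:
            continue
        outcomes[client].add("fired" if rcode.upper() == "NOERROR" else "failed")

    verdicts = {}
    for client, seen in outcomes.items():
        if seen == {"fired"}:
            verdicts[client] = "switch_fired"
        elif seen == {"failed"}:
            verdicts[client] = "switch_failed"
        else:
            verdicts[client] = "mixed"
    return verdicts


if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{verdict}")
```

Every host in the output is infected whatever its verdict; the verdict only orders the response, since a fired kill switch does not remove the worm or patch the Windows vulnerability it came in through.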


