On Friday 12 May 2017, a massive ransomware attack started to hit hundreds of organisations around the world. At the time of writing this article just days later, the infosec community was still sifting through the evidence following the onslaught, and it was still not known whether the Wannacry virus (also known as WCry, WanaCryptor, WannaCrypt or Wana Decryptor) was state-sponsored, orchestrated by a hacker group, or the work of a lone teenager sitting in a suburban bedroom somewhere.