WantToCry is a remote ransomware operation that targets internet-exposed SMB services using brute-force authentication. Instead of deploying local malware, attackers exfiltrate files, encrypt them on their own infrastructure, and write the encrypted versions back to the victim's network via authenticated SMB sessions, effectively bypassing traditional process-based EDR detections.