The WantToCry ransomware group, active since December 2023, has intensified its operations in 2024 by exploiting misconfigured Server Message Block (SMB) services. The group targets multiple network services, including SMB, SSH, FTP, RPC, and VNC, using brute-force attacks with a database of over one million passwords. Once access is gained, the ransomware encrypts publicly exposed network drives and NAS devices, appending the extension '.want_to_cry' to affected files. The attackers communicate with victims through encrypted messaging platforms and demand ransom payments. The ransomware's execution flow includes reconnaissance, exploitation via brute force, accessing shared drives, and payload execution without leaving local artifacts. To mitigate risks, organizations should implement security measures such as regular antivirus updates, disabling unnecessary SMB sharing, requiring authentication, restricting public access, and enabling advanced detection systems.