protections instructions:
block via win firewalls or routers network:
144.217.0.0/16
in the question why answer is:
researcher MalwareTech has registered a hardcoded domain included in the ransomware’s source code. Wana Decrypt0r connected to this domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) before it started its execution. The check was strange. The ransomware checked if the domain was unregistered, and if it was, it would execute. If it wasn’t, it would stop spreading, acting like a kill switch. With MalwareTech registering the domain, the ransomware now does not start anymore. Cisco Talos has confirmed the information
this information is from: https://blog.cripperz.sg/2017/05/13/remove-wannacrypt-wcry-ransomware-video/
block and domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com to be sure.
this domain using address from subnet 144.217.0.0/16
apply patches :
https://www.reddit.com/r/pcmasterrace/comments/6atu62/psa_massive_ransomware_campaign_wcry_is_currently/
https://twitter.com/MalwareTechBlog/status/863191272969973760
https://twitter.com/BleepinComputer/status/863087754451800064
and can sleep smooth