WannaCry is a menace because it is not being spread through social engineering tricks like emails or phishing. It's being spread as payload for a completely automated worm that exploits a flaw in Microsoft's SMB networking protocol.
The Windows vulnerability was discovered by the NSA some time ago. Rather than inform Microsoft of the vulnerability, which allows a person to remotely compromise a network-connected Windows machine without the owner of the machine doing anything, the NSA used it as a spying tool.
The NSA itself got hacked by a hacking group calling itself Shadow Brokers, who lifted detailed NSA documents describing a large number of security vulnerabilities the NSA had discovered and used as hacking tools. Shadow Brokers released the documents, and then a second group of hackers combined the vulnerability with the WannaCrypt ransomware to create WannaCry.
WannaCry spreads itself silently and automatically, without social engineering. Microsoft has taken the problem so seriously that not only have they released a security update to close the vulnerability, they went back and released the same update for ancient, unsupported Windows installs like Windows XP (the first XP update in a very long time). Imagine if Apple released a new security update for OS X Panther; that'll tell you how unusual that was.
