This is live with continuous updating.
From GitHub:

rain-1/Wannacrypt0r-FACTSHEET.md forked from Epivalent/Wannacrypt0r-FACTSHEET.md
Last active 3 minutes ago

WannaCry|WannaDecrypt0r NSA-Cybereweapon-Powered Ransomware Worm

Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. (source: malwarebytes)
Infections: NHS (uk), Telefonica (spain), FedEx (us), University of Waterloo (us), Russia interior ministry & Megafon (russia), Сбера bank (russia), Shaheen Airlines (india, claimed on twitter), Train station (germany)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes)

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/

Malware samples

hxxps://www.hybrid-analysis.com/sample/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa?environmentId=100
hxxps://transfer.sh/PnDIl/CYBERed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.EXE
hxxps://transfer.sh/ZhnxR/CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE (main dll)

Binary blob in PE crypted with pass 'WNcry@2ol7', credits to ens!

Informative Tweets

Sample released by ens: https://twitter.com/the_ens/status/863055007842750465
Onion C&Cs extracted: https://twitter.com/the_ens/status/863069021398339584
EternalBlue confirmed: https://twitter.com/kafeine/status/863049739583016960
Shell commands: https://twitter.com/laurilove/status/863065599919915010
Maps/stats: https://twitter.com/laurilove/status/863066699888824322
Core DLL: https://twitter.com/laurilove/status/863072240123949059
Hybrid-analysis: https://twitter.com/PayloadSecurity/status/863024514933956608
Impact assessment: https://twitter.com/CTIN_Global/status/863095852113571840
Uses DoublePulsar: https://twitter.com/laurilove/status/863107992425779202
Your machine is attacking others: https://twitter.com/hackerfantastic/status/863105127196106757
Tor hidden service C&C: https://twitter.com/hackerfantastic/status/863105031167504385
FedEx infected via Telefonica? https://twitter.com/jeancreed1/status/863089728253505539
HOW TO AVOID INFECTION: https://twitter.com/hackerfantastic/status/863070063536091137
More of this to come: https://twitter.com/hackerfantastic/status/863069142273929217
C&C hosts: https://twitter.com/hackerfantastic/status/863115568181850113
Crypted files will be deleted after countdown: https://twitter.com/laurilove/status/863116900829724672
Claim of attrib [take with salt]: https://twitter.com/0xSpamTech/status/863058605473509378
Track the bitcoins: https://twitter.com/bl4sty/status/863143484919828481
keys in pem format: https://twitter.com/e55db081d05f58a/status/863109716456747008

Cryptography details

encrypted via AES-128-CBC (custom implementation in the binary)
AES key generated with a CSPRNG, CryptGenRandom
AES key is encrypted by RSA-2048 (windows RSA implementation)
https://haxx.in/key1.bin (the ransomware pubkey, used to encrypt the aes keys)
https://haxx.in/key2.bin (the dll decryption privkey) the CryptImportKey() rsa key blob dumped from the DLL by blasty.