Phishy fishy FISH
I get regular emails to my nhs.uk account asking me to open the attached encrypted html file. They are genuine, from ESR, the electronic staff record people. The thing is, no matter how hard they scratch their heads, peeps cannot work out how wannacry got into the system and why people felt safe to click such emails.
If the good guys continue to engage in bad guy practice, the end user won't know which emails to trust and which not to. And I have reported at least 2 unsavoury emails to Trust IT departments that were truly bad.