The scenes from around the world were like a bad movie: Amateurish ransom notes, international chaos, and "absolute carnage" in some hospitals that were particularly hard hit.
Microsoft has been doing a full-court press in response. It took the highly unusual move of providing updates for "retired' operating systems Windows XP and Windows Server 2003, but came under criticism that it did not do more sooner for customers who did not upgrade.
Microsoft president Brad Smith responded that the attack, which has reportedly hit 74 countries including the UK, US, China, Russia, Spain, Italy and Taiwan, was an urgent wake up call not just for the industry but also for customers and government.
"This attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers," Smith wrote. "This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support."
He also blasted the way government agencies have handled sensitive security disclosures.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017," he wrote. "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."
But as the finger pointing continues, so do the attacks.
People have been flagging sightings around the world of the ransomware in the wild, and as China came online today, the infection was expected to further spread.
The key question is if the patches will be able to keep up. Windows 10 was not affected by the ransomware.