Managers and employees at government offices, organizations, and businesses returned to work warily on May 15 amid fears that a massive cyberattack could worsen after the weekend.
In Asia, where the effect appears to have been limited so far, investors shrugged off threats posed by the WannaCry "ransomware" attack, with stocks mostly up across the region.
The cyberattack, which began on May 12, disrupted hospitals, banks, shops, schools, and government agencies in 150 countries, attacking through vulnerabilities in older versions of Microsoft computer operating systems.
The attack, believed to be the biggest online extortion scheme ever, has already hit some 200,000 victims at 100,000 organizations worldwide, according to Europol, Europe's police agency.
An international manhunt was under way to capture those responsible, the agency said.
In China, the world's second-largest economy, payment systems and government services reported some outages. National cyberspace authorities were quoted as saying on May 15 that the attack is still spreading in the country but has slowed significantly.
Japanese firms including Hitachi and Nissan reported problems they said had not seriously affected their business operations.
Among the big victims were U.S. package delivery company FedEx, car production facilities in Europe, Spanish telecom Telefonica, Britain's National Health Service, and Germany's rail network.
Russia's Interior Ministry said some of its computers had been hit, and authorities said the country's banking system and railway system were also attacked but that no major problems were detected.
The attackers told computer users to pay $300 to $600 in anonymous bitcoin currency to retrieve files that the virus had decrypted, blocking owners from getting access.
Experts said account addresses linked to the WannaCry software code appear to show the attackers received about $32,500 in bitcoin as of 1100 GMT on May 14. That figure is expected to rise, although many experts and government agencies urge victims not to give in to the demands.
Cybersecurity experts said new versions of the ransomware are likely to surface as the business week starts in many parts of the world.
Microsoft President Brad Smith in a blog post on May 14 acknowledged what researchers had concluded: The ransomware attack was developed through a tool built by the U.S. National Security Agency that was leaked online by hackers in April.
Security experts said computers affected by the ransomware appear to be ones that had not been recently updated.
Experts said many organizations do not update their systems because of costs. Others, such as hospitals, find it difficult to upgrade without disrupting operations.
"Expect to hear a lot more about this…when users are back in their offices and might fall for phishing e-mails" or other as yet unconfirmed ways the ransomware, also called a "worm," may attack, Christian Karam, a Singapore-based security researcher, told the Reuters news agency.
The threat eased after a Britain-based researcher -- who declined to give his name but issues tweets under the profile @MalwareTechBlog -- said he accidentally came upon a way to at least temporarily limit the ransomware's spread by registering a web address to which he noticed the malware was trying to connect.
Experts said his action helped delay attacks and gave organizations time to explore ways to block future intrusions.