PCs which become infected by the ransomware are locked and users are issued with a ransom $300 in Bitcoin for unencrypting their files. That doubles to $600 if the demand isn't met within three days and if a week goes by without payment the victims are threatened that their files could be deleted forever.
While organisations are slowly returning to normal in the aftermath of the weekend's attacks, investigators and law enforcement are looking into the attack in an effort to identify the perpetrators.
"We're trawling through huge amounts of data associated with the attack and identifying patterns," said Lynne Owens, Director General of the National Crime Agency, the UK's organised crime fighting taskforce.
The NCA is working alongside international law enforcement partners including Europol, Interpol and the FBI to investigate the attacks.
"We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally. DHS has a cadre of cybersecurity professionals that can provide expertise and support to critical infrastructure entities," the Department of Homeland Security said in a statement.
But the sheer number of infections across the globe and the fact the attackers rely on anonymous Bitcoin payments to receive ransoms means they're going to be hard to track down.
The attackers have also only made around $50,000 in ransom demands so far, indicating that the vast majority of victims simply aren't paying up.
"Because of the quantity of data involved and the complexity of these kinds of enquiries we need to be clear that this is an investigation which will take time," said Owens.
"But I want to reassure the public that investigators are working round the clock to secure evidence and have begun to forensically analyse a number of infected computers," she added.
Specialist cybercrime officers from both the NCA and regional police organised crime units are speaking with victims - including those in the NHS - to "help protect victims and secure and preserve evidence".
While the initial threat of a second round of attacks appears to have died down for now, the NCA has warned organisations not to be complacent, because "that doesn't mean there won't be one".