Several security experts questioned whether the effort to extort victims with computers hit by the virus was the main goal, or whether the unknown hackers behind the attack could have other motives.
But security researcher Amit Serper of Boston's Cybereason has identified a method that essentially acts as a vaccine for computers infected by the malware.
The "Petya" ransomware has caused serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.
Ben Johnson: How does this attack appear to be different than May's attack? In the May attack, fixing that bug protected the computer from ever becoming affected by the attack. Since then software companies like Microsoft have worked to develop countermeasures against cyber-attacks of this sort.
Kvitova reaches first grass final since Wimbledon 2014
Remarkably, she's playing only her second tournament and only her sixth match since she was attacked in December. I made two double faults, and it's hard to play on grass when you have that in the mind.
However, no one has any clue regarding the perpetrators of the attack till date. Australian staff at global law firm DLA Piper are facing similar troubles, told to come in to work as usual but to avoid turning on or using any computers.
But whether perpetrators are caught or not, he says get ready for more ransomware attacks, which he describes as "the new normal".
Petya is still very risky, the Singapore Computer Emergency Response Team (SingCERT) explained as the malware doesn't only encrypt targeted files, but it also stops the computer from loading the operating system. This new variant is particularly virulent because it uses multiple techniques to spread automatically within a company's network once the first computer is infected.
The initial infection can be traced to tax accounting software from a Ukrainian company called M.E.Doc, Microsoft says. But the company denied its software spread the infection, saying in a Facebook post that the update was sent out last week and was free of viruses.
At the time of writing, the wallet contains approximately $8,000-worth of Bitcoin, not a large return for such a significant and widespread attack. The organisation has since shut down the email account.
These factors contribute to a now-prevailing theory that this was a politically motivated attack on Ukraine, coming as it did just as the country is set to celebrate its Constitution Day. Many of those businesses were hit by WannaCry, and anyone who still hasn't installed the appropriate security updates may be at risk from this new attack as well.