The WannaCry computer malware that has spread across 150 countries appears to be slowing down, with few reports of fresh attacks in Asia and Europe on May 15.
However, staff beginning the working week have been told to be careful.
The WannaCry ransomware started taking over users’ files on May 12, demanding $300 to restore access.
Hundreds of thousands of computers have been affected so far.
Microsoft said the attack should serve as a wake-up call.
However, the ransomware warning said that the cost would double after three days, so the payments may increase.
Among the organizations targeted worldwide have been Germany’s rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, FedEx and Russia’s interior ministry.
Many companies employed experts over the weekend to try to prevent new infections.
The picture now appears better in Europe.
Senior spokesman for Europol, Jan Op Gen Oorth, told AFP: “The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success.”
Renault said its plant in the northern town of Douai would not reopen on May 15 as it dealt with the cyber-attack.
In Asia, a significant slowing of the malware was also reported.
Banking systems across the region were largely unaffected.
Russian President Vladimir Putin said: “Russia has absolutely nothing to do with it.”
Companies in Asia and Europe have been warning employees to be careful when clicking on attachments and links in their emails.
Microsoft president and chief legal officer Brad Smith said on May 14: “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.
“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.”
The computer giant also said that many organizations had failed to keep their systems up to date, allowing the virus to spread.
Microsoft said it had released a Windows security update in March to tackle the problem involved in the latest attack, but many users were yet to run it.