The WannaCry software is particularly virulent because it doesn't necessarily require users to take any action, like clicking a link or downloading software, to spread; it can also spread automatically through file-sharing systems on networks.

Some security experts expect a second wave of the attack to start Monday morning , as employees arrive at work and turn on affected computers.

The ransomware, also called WannaCrypt, was first noticed on Friday, and has affected at least 200,000 computers in more than 150 countries, including some in hospitals, locking them until their owners pay a Bitcoin ransom to the attackers.

WannaCry uses a vulnerability in old versions of Windows that was originally discovered and exploited by the U.S. National Security Agency as an offensive cyber-weapon.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," wrote Microsoft President Brad Smith in a blog post on Sunday.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."

Smith's post deflects criticism of by noting that the company issued a patch for the vulnerability earlier this year, but many organizations didn't patch older computers. Smith also said that Microsoft has been "working around the clock" to assist affected customers, even those on older operating systems that are no longer supported.

But he also warns that similar attacks will recur unless governments stop stockpiling these kinds of vulnerabilities: