They are having more luck dissecting flaws that limited its spread.
On Sunday, the USA software giant called on intelligence services to strike a better balance between their desire to keep software flaws secret - in order to conduct espionage and cyber warfare - and sharing those flaws with technology companies to better secure the internet.
Researchers at security firm Proofpoint said the related attack, which installs a currency "miner" that generates digital cash, began infecting machines late last month or early this month, but had not been previously discovered as it allows computers to operate while creating digital cash in the background.
Microsoft declined to comment for this story. You could say an attack of this nature has been coming, particularly when a 2016 study by ISP Beaming, suggested cyber-attacks were already costing British businesses around £34bn. The attack by hijackers affected over 200,000 people over the globe. The tool was one of many linked to the NSA that were leaked online previous year, then finally decrypted in April for use by anyone with the requisite coding skills.
"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the United States military intelligence organisation National Security Agency (NSA) has affected customers around the world", Smith wrote.
A decade-old form of malicious software known as ransomware has been making headlines after cybercriminals hijacked hundreds of thousands of computers worldwide.More news: Over 60 electoral 'violations' in run-up to Iran vote: judiciary
More news: Man blocked from reaching cockpit
More news: MA kid calls police on drug dealing dad
Because of the way WannaCry spreads sneakily inside organisation networks, a far larger total of ransomed computers sitting behind company firewalls may be hit, possibly numbering upward of a million machines.
Matt Suiche, a researcher and founder of Comae Technologies, reported he was unable to make Guinet's decryptor tool work.
French researchers have released software tools they claim can restore some of the computers infected by the WannaCry ransomware attack.
High-profiles attacks like WannaCry "drive the market", Ilex International president Laurent Gautier told AFP.
With more than 300,000 computers worldwide compromised by the WannaCry ransomware in at least 150 countries, including the National Health Service in the United Kingdom, Monday was expected to be a day of reckoning for USA healthcare organizations facing the file-encrypting malware.
Likewise, Bossert emphasized that the only computers that can be compromised by WannaCry are those that do not have the latest security patches available from Microsoft.