Ukrainian authorities have directly and unambiguously blamed Russia for last week's Petya/Nyetya/NotPetya attacks. They've also called in international partners, including Interpol and the FBI, to help with the investigation. The threat actor held to be responsible is the group known as Telebots or Sandworm, a Russian actor also associated with attacks on Ukraine's power grid.
Last week's campaign is now clearly seen as destructive and disruptive, and not a ransomware attack at all. Affected organizations continue their recovery. The experience of Maersk is instructive: last Thursday the shipping company told customers its operations had resumed at a "now close to normal" rate, although some clients reported continuing difficulties.
FedEx's TNT Express subsidiary was also heavily affected, with disruptions reported into the weekend.
US Government warnings last Friday of phishing campaigns successfully targeting nuclear power installations may have been premature. In any case, the Nuclear Energy Institute has said that no US nuclear plants had been penetrated.
The European Union and some of its member states signal a determination to police data security, competitive practices, and extremist speech. Germany has enacted a law that would impose harsh penalties on services that permit hate speech (a look at existing measures to identify such speech suggest the problem remains unsolved). The EU's Commissioner for Competition urged companies to sue Google for anti-competitive practices (this would be in addition to EU fines).
Kaspersky Lab will show its source code to the US Government. Russia mulls retaliation if Kaspersky is barred from US Defense work.