This is really big.
Here in The Netherlands hundreds of companies affected.
Yes, the threat actors took advantage of the fact that it was July 4th in US and on Friday everyone would be in the mood of going back to home early
They say here in the Netherlands that they will only be able to see what the actual damage is in a few weeks. But probably huge. Those guys can only make bigger investments this way. And they only get better. For a company so hard to decide. often it is cheaper to pay. Here in the Netherlands, many companies have handed over the IT to professionals for safety reasons. And it is precisely those IT companies that use that software.
And it was probably a sql injection.