Yes, that's why they don't really target individuals. But if they've found a couple of sloppy companies, jackpot!
- that some institutions reverted to clean backups
- there are more than 3 addresses
- spread was stopped by a blogger who discovered a kill switch in the virus (this has been verified) - https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack
There have to be more than 3 addresses. And it's Saturday, many companies cannot access their money until the banks open Monday. Only then we'll see how big the damage is...
You are right they are not targeting ordinary citizens but rather companies especially large ones even those who have a good firewall to protect their datas. This kind of attacks have been already a threat to the world and many big companies are starting to worry about those kind of attacks. Hope the government around the world will use the interpol to put those kinds of issues in a priority.