The unprecedented global cyber attack has hit more than 200,000 victims in at least 150 countries, Europol said on Sunday, warning that the situation could escalate when people return to work.
Europol executive director Rob Wainwright said the situation could worsen on Monday as workers return to their offices after the weekend and log on.
"We've never seen anything like this," the head of the European Union's policing agency told Britain's ITV television, calling its reach "unprecedented".
"The latest count is over 200,000 victims in at least 150 countries. Many of those victims will be businesses, including large corporations. We're in the face of an escalating threat," Wainwright said.
TRT World's Christine Pirovolakis has the story.
Cyber security experts say the spread of the virus dubbed WannaCry - "ransomware" which locked up computers in car factories, hospitals, shops and schools in several countries - has slowed, but that any respite might be brief.
— Rob Wainwright (@rwainwright67) May 14, 2017
An international manhunt was well under way for the plotters behind what was being described as the world's biggest-ever computer ransom assault.
US package delivery giant FedEx, European car factories, Spanish telecoms giant Telefonica, Britain's health service and Germany's Deutsche Bahn rail network were among those hit.
I'm worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday — Europol executive director Rob Wainwright
"Ransomware" combined with a "worm"
The culprits used a digital code believed to have been developed by the US National Security Agency - and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.
Images appear on victims' screens demanding payment of $300 in the virtual currency Bitcoin, saying: "Ooops, your files have been encrypted!"
Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.
Experts and governments alike warn against ceding to the demands and Wainwright said few victims so far have been paying up.
— EC3 (@EC3Europol) May 13, 2017
Europol's Wainwright said the attack was unique because the ransomware was combined with a "worm" - meaning the infection of one computer could automatically infect an entire network.