Europol said its cybercrime specialists will support affected countries as a "complex global investigation" to identify the culprits begins, as security experts warned that another major attack could happen soon.
Businesses around the world scrambled on Saturday to prepare for a renewed cyberattack, convinced that a lull in a computer offensive that has stopped vehicle factories, hospitals, schools and other organizations in around 100 countries was only temporary.
Experts advise users not to pay, as it would only encourage the attackers.
"It's paused but it's going to happen again".
On Saturday, Microsoft said it had released updates for older systems.
Spanish communications firm Telefonica and other European companies were also targeted by the hack. "Things could likely emerge on Monday" as staffers return to work. The NSA tools were stolen by hackers and dumped on the internet. The agency has not responded to requests for comment.
Microsoft was quick to change its policy, announcing free security patches to fix this vulnerability in the older Windows systems still used by millions of individuals and smaller businesses. Russia's health ministry said its attacks were "effectively repelled".
"It's all hands on deck", said Shane Shook, an independent security consultant whose customers include large corporations and governments.
The U.S. government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report attacks to the Federal Bureau of Investigation or Department of Homeland Security. Kaspersky Lab said it had recorded incidents in 74 countries, mostly in Russian Federation, but noted that its visibility "may be limited and incomplete".
The hackers are demanding money in the form of the digital currency Bitcoin to unfreeze the infected computers.
French police said there were "more than 75,000 victims" around the globe, but cautioned that the number could increase "significantly".More news: Cubs will wait and see who's available vs. Cardinals
More news: Chamber of 17 Mummies Discovered in Egypt's Minya
More news: Ajax pushes through to Europa League final against Manchester
NHS Digital said that 4.7% of devices within the NHS use Windows XP, with the figure continuing to decrease. "At this stage we do not have any evidence that patient data has been accessed", it said.
'There has been a report to the Australian Cyber Security centre of one instance of what we believe could be this ransomware, ' she told reporters in Cairns.
"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available", it said in the statement.
He said the situation at the plant, which employs 7,000, continued to be monitored.
The attack struck at least 16 British National Health Service organisations, along with computer networks of companies and municipalities in dozens of other countries.
Speaking after a Cobra meeting on Saturday, Home Secretary Amber Rudd admitted "there's always more" that can be done to protect against cyber attacks.
In this May 12, 2017 photo, a display panel with an error can be seen at the main railway station in Chemnitz, Germany.
In Asia, some hospitals, schools, universities and other institutions were affected, though the full extent of the damage is not yet known due to the weekend. French carmaker Renault stopped production at several sites to prevent the spread of a global cyber attack, a spokesman said. Some of the threats made on major IT companies and ransom demanded after attacks made on defense installations, telecom majors shows the level of sophistication and the confidence of the attackers.
Europol said a special task force at its European Cybercrime Centre was "specially created to assist in such investigations and will play an important role in supporting the investigation". Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex worldwide investigation to identify the culprits".
A British cyber whiz was hailed an "accidental hero" after he registered a domain name that unexpectedly stopped the spread of the virus, which exploits a vulnerability in Microsoft Windows software.