Guillaume Poupard, head of France's national cyber security agency, told Reuters he is concerned infections could surge again on Monday, when workers return to the office and turn on computers.
Two security firms _ Kaspersky Lab and Avast _ said they had identified the malicious software behind the attack in over 70 countries, although both said the attack had hit Russian Federation the hardest.
It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted, according to the screen message.
Security experts have warned that another attack is imminent, most likely on Monday, and could be unstoppable.
It has crippled Britain's health system - with stroke victims unable to undergo urgent surgery because their scans could not be accessed - and affected other businesses around the world.
Chris Doman, a researcher at the cyber security firm AlienVault, added: "The NHS is particularly vulnerable to ransomware as they have critical systems with patchwork security".
In Brazil, the social security system had to disconnect its computers and cancel public access.
Meanwhile health authorities are racing to upgrade security software amid fears hackers could exploit the same vulnerability with a new virus.
The exploit, known as "EternalBlue" or "MS17-010", took advantage of a vulnerability in the Microsoft software that reportedly had been discovered and developed by the U.S. National Security Agency, which used it for surveillance activities.
That said, the threat hasn't disappeared, the MalwareTech researcher said.
This one worked because of a "perfect storm" of conditions, including a known and highly risky security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business or government networks.
(AP Photo/Paul White). A security guard stands outside the Telefonica headquarters in Madrid, Spain, Friday, May 12, 2017.
The national railway system said that although it was attacked, rail network operations were unaffected.
Clapper and Europol say the scope of the problem may become bigger when people switch on their computers. The firm said it had warned about the exponential growth of ransomware, or crimeware, as well as the dangers of sophisticated surveillance tools used by governments.
In the evening, the Maharashtra Police department said it was partially hit by the ransomware.
"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email", said Lance Cottrell, chief scientist at the USA technology group Ntrepid.
Russia's health ministry said its attacks were "effectively repelled".
U.S. Treasury Secretary Steven Mnuchin, at a meeting in Italy, said Saturday the attack was a reminder of the importance of cybersecurity.
A spokesman for the Cumbria Partnership Trust said: "The computers at Cumbria Partnership NHS Foundtion Trust are still unavailable and our staff are still operating services as usual safely in business continuity mode".
United States package delivery giant FedEx, European auto factories, Spanish telecoms giant Telefonica, Britain's health service and Germany's Deutsche Bahn rail network were among those hit.