Britain's National Cyber Security Centre claimed it was working closely with the National Crime Agency "around the clock" to address the problem.
In India, the government said it had only received a few reports of attacks on systems and urged those hit not to pay attackers any ransom.
Avast said the majority of the attacks targeted Russia, Ukraine and Taiwan. Under current laws, they don't have to report the flaws to the company at risk. As of the weekend, it had spread to China, and security experts say it could just be getting started. The ransomware was created to repeatedly contact an unregistered domain in its code.
But security minister Ben Wallace said the Government had put £1.2 billion into combating cyber attacks during the last strategic defence and security review, including a £50 million pot to support NHS IT networks.
"In this case, when we registered it, it turned out to be a kill switch", Salim Neino, CEO of Kryptos Logic, which employs MalwareTech as a cybersecurity researcher, told ABC News. It gives incentives to hackers and pays for future attacks.
It remained unclear how many organizations had already lost control of their data to the malicious software - and researchers warned that copycat attacks could follow.
There is a high-probability that Russian-language cyber-criminals were behind the attack, said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs. In the United Kingdom, where the initial attack threw parts of the health care system into chaos Friday, the government scheduled an emergency meeting Monday afternoon to discuss the attack.
U.S. Treasury Secretary Steven Mnuchin, at a meeting of world leaders in Italy, said the attack was a reminder of the importance of cybersecurity.
"A lack of funding or priority for investments will have certainly played a big part for a cash-strapped NHS", says Martin Courtney, principal analyst for TechMarketView, speaking with Computerworld UK.
Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend's worldwide "ransomware" cyberattack.
Many people in fact believe someone at NSA must have tipped Microsoft that the files had been stolen, which is how it knew it needed to push out that particular patch, said Ryan Kalember of Proofpoint, a Sunnyvale, Calif. -based security firm whose researchers were instrumental in fighting the the WannaCry attack.
A year ago an acute-care hospital in Hollywood paid $17,000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.
In the wake of the attack, Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003. Some have also been machines involved in manufacturing or hospital functions, hard to patch without disrupting operations.
"The numbers are still going up", Wainwright said.
WannaCry has already caused massive disruption around the globe.
Described as "unprecedented" in scale by Europol, the wave of WannaCry ransomware attacks over the last four days brought hospital infrastructure to its knees.
Energy giant PetroChina (601857.SS) said payment systems at some of its petrol stations were hit, although it had been able to restore most of the systems.
"Global internet security has reached a moment of emergency", Qihoo360 warned.
Weber said the NSA's primary mission is intelligence: "If I were sitting at the NSA I would push that argument right back to Microsoft", he argued. A coal port in New Zealand shut temporarily to upgrade its systems. Some larger organizations, such as Spain's Telefonica SA and FedEx Corp. were also infected.
The U.S. Department of Homeland Security, in a statement late Friday, encouraged people to update their operating systems.
While any sized company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn't be vulnerable to Friday's attack.
The NSA and other spy agencies look for software vulnerabilities and then build tools to target and exploit them.