"We expect this number to increase significantly over the course of the weekend", said Tom Robinson, lead investigator at Elliptic.
Wainwright says he is anxious that the ransomware attack might spread further once people return to work on Monday and log on to their computers.
Most victims were quickly able to recover infected systems with backups, said the group's chief economist, Scott Borg. Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex global investigation to identify the culprits".
A Telefonica spokesman said a window appeared on screens of infected computers that demanded payment with the digital currency bitcoin in order to regain access to files.
These hackers "have caused enormous amounts of disruption- probably the biggest ransomware cyberattack in history", said Graham Cluley, a veteran of the anti-virus industry in Oxford, England.
Chinese media reported Sunday that students at several universities were hit, blocking access to their thesis papers and dissertation presentations.
Had it not been for a young British cybersecurity researcher's accidental discovery of a so-called "kill switch", the malicious software likely would have spread much farther and faster.
Some experts said the threat had receded in part because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, and so limited the worm's spread. The server operates as a "sinkhole" to collect information about malware-and in Friday's case kept the malware from escaping.
Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis.
It uses two leaked exploits linked to the US National Security Agency, codenamed ETERNALBLUE and DOUBLEPULSAR.
Both joined security officials in urging organizations to protect themselves by installing security fixes right away, running antivirus software and backing up data elsewhere.
"You're only safe if you patch ASAP". Those expectations prompted businesses to call in technicians to work over the weekend to make sure networks were protected with security updates needed to thwart Eternal Blue.
The bug exploited by the attack was hoarded by the United States national security agency (NSA), leaked earlier this year and since patched by Microsoft - but patches aren't flawless, rollouts take time and WannaCrypt locked up a lot of machines in its first wave. We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.
"The fact that so many organizations were vulnerable to this was quite a surprise", cyber expert and CEO of Capital Alpha Security in the U.K. Matt Tait told NPR.
The ransomware is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. "So they no longer get the security updates they should be".
Figures obtained by The Sunday Post show almost every health board in Scotland has been targeted by a ransomware attack - whereby hackers block a computer until money is paid - over the last five years. But some experts have argued this attack could have been vastly mitigated if the NSA told Microsoft sooner.
Police said they had not been made aware of any attacks in New Zealand and the briefing to the ministry was a precaution. "But there's clearly some culpability on the part of the USA intelligence services". The tools appeared stolen by hackers, who dumped them on the internet.
If your computer has been affected, there's no guarantee that paying the ransom will restore it, Gazeley said.
The NSA and other spy agencies look for software vulnerabilities and then build tools to target and exploit them. "It's a handy thing to have, but it's a risky thing to have".
Hospitals are working hard to return to normal services, however they are still likely to be very busy so please only use Accident and Emergency services and 999 only when there is a genuine emergency.