The indiscriminate attack began Friday and struck banks, hospitals and government agencies, exploiting known vulnerabilities in older Microsoft computer operating systems.
Becky Pinkard, from Digital Shadows, a UK-based cyber-security firm, told AFP news agency that it would be easy for the initial attackers or "copy-cat authors" to change the virus code so it is hard to guard against.
Speaking about the NHS cyberattack, Sam Hutton the CTO at Glasswall Solutions said to LondonLovesBusiness.com on Saturday: "This is a major cyber-attack on the NHS in which criminals are potentially putting the wellbeing of an entire country at risk by locking up data and demanding a ransom".
Restrictions have been put in places at various hospitals over the past week, after more than 300,000 computers in 150 countries were infected with the WannaCry ransomware virus. "I am anxious about how the numbers will continue to grow when people go to work and turn on their machines on Monday morning".
Security firm Digital Shadows said on Sunday that transactions totaling $32,000 had taken place through Bitcoin addresses used by the ransomware.
A large-scale global investigation has been launched as police attempt to identify the perpetrators of the attack.
It was "too early to say" what the overall cost of the attack to public coffers would be, he said.
And he defended the Government after a National Audit Office report in November warned that taking money away from NHS services would leave them vulnerable.
Referring to the attack as a "wake-up call", Microsoft's President and Chief Legal Officer, Brad Smith wrote in a blog post that governments have "to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits".
Exploits in the hands of governments have repeatedly leaked into the public domain and caused widespread damage, wrote Smith, who compared the leaks of Central Intelligence Agency and NSA vulnerabilities to the USA military having some of its Tomahawk missiles stolen.
The attack therefore spread faster than previous, smaller-scale ransomware attacks.
Russia's interior ministry said some of its computers had been hit, while the country's banking system was also attacked, although no problems were detected, as was the railway system.
Symantec said the majority of organizations affected were in Europe.
French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, while FedEx said it was "implementing remediation steps as quickly as possible".
Dr Anne Rainsberry, national incident director at NHS England, said: "There are encouraging signs that the situation is improving, with fewer hospitals having to divert patients from their A&E units".