'I'm anxious about how the numbers will continue to grow when people go to work and turn on their machines on Monday, ' he said.
Among the attempted attacks by the malicious WannaCry ransomware, 60 percent were targeted towards enterprises and 40 percent towards individual customers.
But had it not been for a cybersecurity researcher and a programmer, the attack could have spread farther and faster.
Then there's the USA government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals.
Following a meeting of the Government's Cobra contingencies committee, Home Secretary Amber Rudd said more than a million patients had been treated in the course of Monday.
Carmaker Renault said one of its French plants, which employs 3,500 people, wasn't reopening Monday as a "preventative step" while technicians deal with the aftermath of the attack.
Microsoft also blamed the US government, calling the attack a "wake-up call", and pleading with the government to "stop stockpiling tools to exploit digital vulnerabilities".
The NHS was among hundreds of organisations affected around the world, with 47 trusts hit.
A fast-moving ransomware variant has infected thousands of computers in at least 74 countries.
But Bruce Schneier, chief technology officer for IBM Resilient Systems, has suggested that a state-sponsored actor, most likely Russian Federation, was probably responsible for the initial hack of the NSA.
"Those tools have been used by the hackers group, who are now demanding ransom to release the system they had hacked", he said.
Some victims were using computers that run on Windows XP, a 16-year-old operating system. "You pay a cybercriminal and that creates an industry which will attract other suppliers of ransomware", Holmes said. You can change the locks but what has happened cannot be undone. "If you need that data back, you're going to pay".
Ryan Kalember, senior vice president at Proofpoint Inc., which helped stop its spread, said the version without a kill switch could spread.
Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.
"We haven't fully dodged this bullet at all until we're patched against the vulnerability itself", Kalember said. It encrypts all the data it can find then demands a ransom for the encryption key.
Japan's Chief Cabinet Secretary Yoshihide Suga said there weren't any concerns about damage in the country.
Countries around the world are still dealing with an ongoing ransomware attack that hit institutions and businesses worldwide, including hospitals in the United Kingdom, the Russian interior ministry and universities in China.
Europol said more than 200,000 computers around the world had been affected over the weekend in what it said was "an unprecedented attack".
Microsoft's top lawyer is laying some of the blame at the feet of the US government.
"We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world".
It's spread using an exploit developed by the NSA called EternalBlue which was leaked by a hacker collective in April.
Many firms have had experts working over the weekend to prevent new infections.