People and organizations were scrambling after the global attack, which began Friday and spread rapidly by email, to limit the damage or implement preventive measures.
Europol executive director Rob Wainwright said the situation could worsen on Monday when workers return to their offices after the weekend and log on.
Cybersecurity firm Avast said it tracked more than 75,000 ransomware attacks in 99 countries Friday.
The attacks exploit a vulnerability in outdated versions of Microsoft Windows that is particularly problematic for corporations that don't automatically update their systems.
Wainwright said Europol was working with the Federal Bureau of Investigation in the United States to track down those responsible, saying that more than one person was likely behind it.
Mr Wainwright said he was concerned that the numbers of those affected would continue to rise when people returned to work on Monday morning.
In a blog post late Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the U.S. National Security Agency, that leaked online in April.
The 5,500-strong Renault factory in Douai, northern France, one of the most important vehicle plants in the country, will not open on Monday due to the attack, sources told AFP. The initial demand was for $300 in bitcoins, but it now has gone up to $600 worth of the currency, Gazeley said.
Wainwright said the agency is analyzing the virus and has yet to identify who is responsible for the attack. The main challenge for investigators was the fast-spreading capabilities of the malware, he said, but added that so far, not many people have paid the ransoms that the virus demands.
In this case, he said, the NSA apparently handed the WannaCry makers a blueprint - pre-written code for exploiting the flaw, allowing the attackers to essentially cut and paste that code into their own malware.
(AP Photo/Mark Schiefelbein). A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing, Saturday, May 13, 2017.
Foreign Minister Julie Bishop previously said authorities were working to validate if reports of cyber attacks in the country were linked to the global attack.
Steven Wilson, Head of Europol's European Cybercrime Centre, told Sky News: "It's not a massively sophisticated attack".
Symantec said the majority of organisations affected were in Europe. There also were reports that the powerful Investigative Committee, which investigates high-level crime, and several other telecommunications companies had been targeted.
French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, while FedEx said it was "implementing remediation steps as quickly as possible".
Dr Krishna Chinthapalli, a neurology registrar at the National Hospital for Neurology and Neurosurgery in London, had warned that an increasing number of hospitals could be shut down by ransomeware attacks in an article on the vulnerability of the NHS network in the "British Medical Journal" on Wednesday, two days before the major cyber-hack. Universities in Greece and Italy also were hit. The danger will be discussed at the G7 leaders' summit next month.
"The problem is the larger organizations are still running on old, no longer supported operating systems", said Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com.