By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said.
Security experts warn that while computers at more than 300,000 internet addresses were hit by the ransomware strain, further attacks that fix weaknesses in WannaCry will follow that hit larger numbers of users, with more devastating consequences.
Several of its customers are still running older versions of the operating system even though the software maker has discontinued support for them.
Users of older software, such as Windows XP, had to pay hefty fees for technical support, it added.
As cybersecurity threats continue to evolve, ransomware is fast becoming the number one cyber security challenge for businesses, irrespective of their size, location or industry they operate in.
In laboratory testing, researchers at MWR and Kyptos say they have found Windows XP crashes before the virus can spread.
Microsoft has been limiting support for its older software and is trying to convince users to switch to its more secure and newer Windows 10.
Since Microsoft offered patches for this vulnerability before the attacks took place, "then it's on the users to apply those patches for their own safety", said Olds.
Nicolas Godier, a researcher at the computer security firm told AFP, "It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different objective", he said. They often spend months evaluating how these updates will affect their systems and finding fixes.
EternalBlue is the powerful spy tool born inside the National Security Agency's Maryland headquarters from a secret software flaw.
Chris Wysopal, of the software security firm Veracode, said criminal organisations were probably behind the attack, given how quickly the malware spread.
"What really makes the magnitude of this attack so much greater than any other is that the intent has changed from information stealing to business disruption", said Samil Neino, 32, chief executive of Los Angeles-based Kryptos Logic.
Friday, the company scrambled to do the same for its older operating systems hit hardest by the virus.
If the attackers hit critical national infrastructure and cause death and destruction, then you enter the realm of the War Powers Act and post 9/11 legislation, as well as the core presidential authority to pursue the attackers and country housing them.
Mukul Shrivastava, Partner, Fraud Investigation & Dispute Services, EY India says, "Many organizations did not update servers with the latest "patch" and block known file types (or websites) which are known sources of the ransomware resulting in virtually no protection against the known threat".
Here's what we now know about the ransomware known as WannaCry, which locked up digital photos, documents and other files to hold them for ransom. Around 200,000 victims in 150 countries have been affected, according to European Union police force Europol, many of them businesses including major corporations such as Nissan, FedEx and Hitachi.
These factors help explain the mystery of why such a tiny number of victims appear to have paid ransoms into the three bitcoin accounts to which WannaCry directs victims.
WannaCry flooded computers around the world with ransomware, locking up those networks until a specified amount was paid. In total the hackers made no more than $70,000, a White House security adviser said on Tuesday.
A few days after WannaCry came to light, the Shadow Brokers posted a message online stating that the group would begin a monthly data-dump service, selling access to top-notch exploits to those willing to pay. "That's what the data shows", MWR research head Pratley said.
WannaCry in that sense is just the tip of the iceberg.