An international manhunt was under way for the plotters behind the world's biggest-ever computer ransom assault which has affected more than 150 countries.
The indiscriminate attack, which began Friday, struck banks, hospitals and government agencies, exploiting known vulnerabilities in old Microsoft computer operating systems.
US package delivery giant FedEx, European car factories, Spanish telecoms giant Telefonica, Britain's health service and Germany's Deutsche Bahn rail network were among those hit.
Europol executive director Rob Wainwright said the situation could worsen on Monday when workers return to their offices after the weekend and log on.
"We've never seen anything like this," the head of the European Union's policing agency told Britain's ITV television, calling its reach "unprecedented".
Wainwright described the cyberattack as an "escalating threat".
"I'm worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday," he said.
The warning was echoed by Britain's National Cyber Security Centre: "As a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale."
The 5,500-strong Renault factory in Douai, northern France, one of the most important car plants in the country, will not open on Monday due to the attack, sources told AFP.
Images appear on victims' screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: "Ooops, your files have been encrypted!"
Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.
Bitcoin, the world's most-used virtual currency, allows anonymous transactions via heavily encrypted codes.
Experts and governments alike warn against ceding to the demands and Wainwright said few victims so far had been paying up.
Yesterday, security firm Digital Shadows said that transactions totalling $32,000 had taken place through Bitcoin addresses used by the ransomware.
The culprits used a digital code believed to have been developed by the US National Security Agency - and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)