The US and Russia were among scores of countries affected by the virus, which also hit a Nissan plant in the UK.
Investigators are now working non-stop to hunt down those responsible for the Wanna Decryptor ransomware, also known as WannaCry.
Oliver Gower, of the National Crime Agency, said: “Cyber criminals may believe they are anonymous but we will use all the tools at our disposal to bring them to justice.”
A British cyber whiz was hailed an “accidental hero” after he registered a domain name that unexpectedly stopped the spread of the virus, which exploits a vulnerability in Microsoft Windows software.
The anonymous specialist, known only as MalwareTech, prevented more than 100,000 computers across the globe from being infected.
A number of hospitals in England and Scotland were forced to cancel procedures after dozens of NHS systems were brought down in Friday’s attack.
Medical staff reported seeing computers go down “one by one” as the attack took hold, locking machines and demanding money to release the data.
Around a fifth of trusts were hit, with six still affected 24 hours later, amid concerns networks were left vulnerable because they were still using outdated Windows XP software.
Speaking after a Cobra meeting on Saturday, Home Secretary Amber Rudd admitted “there’s always more” that can be done to protect against viruses.
She said: “If you look at who’s been impacted by this virus, it’s a huge variety across different industries and across international governments.
“This is a virus that attacked Windows platforms. The fact is the NHS has fallen victim to this.
“I don’t think it’s to do with that preparedness. There’s always more we can all do to make sure we’re secure against viruses, but I think there have already been good preparations in place by the NHS to make sure they were ready for this sort of attack.”
NHS Digital, which manages the health service cyber security, said fewer than 5% of devices within the health service still use the old system Windows XP.
Just one day before the attack Dr Krishna Chinthapalli, a registrar in London, warned in a British Medical Journal article that some hospitals “will almost certainly be shut down by ransomware this year”.
Nissan UK confirmed it was affected, but said there had been “no major impact”.
It is understood its plant in Sunderland is not due to have another production shift until Sunday night.
A spokesman said: “Like many organisations around the world, some Nissan entities were recently targeted by a ransomware attack.
“Our teams are responding accordingly and there has been no major impact on our business. We are continuing to monitor the situation.”