The software attacks use a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin, reports news agency AFP.
The ransomware demands payment of 275 euros in Bitcoin within three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to a screen message.
Britain's National Health Service declared a the attack a “major incident” after dozens of its hospitals were hit on Friday.
Computers in thousands of locations have been locked by the programme, including Stockholm-based technology engineering firm Sandvik.
“It has affected computers in both administration and production,” Pär Altan, head of external communications at Sandvik, told news agency TT.
Altan said that a relatively small number of the firm’s computers had been affected by the attack.
“But the [attacks on] computers related to our production appears to be serious,” he said.
All affected computers were shut down in response to the attack, slowing down operations at the company significantly.
“But we stopped the virus from spreading,” Altan said.
It is unclear why Sandvik was singled out as a target for the attack, but an internal investigation aims to shed light on this, reports TT. The firm also said it refused to pay the ransom demanded by the hackers.
“We have not paid and we will not pay anything,” said Altan.
The attack also hit Timrå Municipality, with the virus spreading rapidly through computers at the city administration.
“We know that the rate of spread was high. We told everyone to shut down their computers,” Andreaz Strömgren of Timrå Municipality told TT.
The attack continues to be a source of problems for the municipality, reports TT.
“There are people, for example remote services, that need to use the computers. So it is clear that this is making things very difficult for them. It is a significant inconvenience,” Strömgren said.
The municipality’s IT department is currently working on resolving the issue.
“The reason the attack was successful is that our service provider did not update the security system to the latest version,” said Strömgren.
On Saturday, a cyber security researcher told AFP he had accidentally discovered a “kill switch” that can prevent the spread of the ransomware.
The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. Computers already affected will not be helped by the solution.
However @MalwareTechBlog warned that the “crisis isn't over” as those behind it “can always change the code and try again.”
The ransomware's name is WCry, but analysts were also using variants such as WannaCry.
“It's unequivocally scary,” said John Dickson of the Denim Group, a US security consultancy.
Dickson said the malware itself, which exploits a flaw in Windows, was not new but that adding the ransomware “payload” made it especially dangerous.
“I'm watching how far this propagates and when governments get involved,” he said.
Friday's wave of cyberattacks, which affected dozens of countries, apparently exploited a flaw exposed in documents leaked from the US National Security Agency.
Microsoft released a patch to protect against vulnerability to the ransomware in March, but many systems may not have been updated, reports AFP.