Less than $70,000 has been paid in ransom in the global WannaCry cyber attack, and US authorities say even those who have paid did not got access to their data back.
The virus has locked up about 200,000 computers in more than 150 countries, taking control of files and then demanding payment to restore access.
The number of people paying could go up as the ransomware warned the cost would double after three days, and threatened to delete files within seven days if no payment was made.
See the live tracking map of the virus here.
Homeland security adviser Tom Bossert said about 150 countries had been affected by the attack and more than 300,000 machines infected.
A spokesperson for police agency Europol said the situation in Europe "seems stable".
In Asia, where many offices closed before the WannaCry ransomware struck on Friday, the attack has been less severe than expected.
The ransomware takes over users' files, demanding $US300 to restore them.
Computer giant Microsoft said the attack, which has affected hundreds of thousands of computers, should serve as a wake-up call.
Among the organisations targeted worldwide have been Germany's rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia's interior ministry.
Many firms employed experts over the weekend to try to prevent new infections.
Senior spokesman for Europol, Jan Op Gen Oorth, told the AFP news agency: "The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success.
"It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates."
UK Health Minister Jeremy Hunt has confirmed that British intelligence services had found no evidence of a second wave of attacks on Monday.
The badly affected National Health Service said seven out of 47 trusts that were hit were still facing serious issues.
French carmaker Renault said its plant in the northern town of Douai would not reopen on Monday as it dealt with the cyber-attack.
In Asia, the spread was reportedly slowing, with banking systems largely unaffected:
- Australia: At least eight businesses reported being locked out of their systems
- South Korea: Four companies reported problems over the weekend. One cinema chain was unable to display trailers
- Indonesia: Records at two hospitals were blocked
- Japan: Both Nissan and Hitachi reported some units had been affected, but not seriously
- China: Computers at nearly 30,000 institutions and organisations were affected, including government agencies and hospitals, internet firm Qihoo 360 said. Some payment systems and government services affected, but less than feared
Mr Bossert has also confirmed that no US federal government systems were affected.
Associated Press quoted Tim Wellsmore, of US security firm FireEye, as saying: "We expect this is a small operation ... They just happened to hit the mother lode."
Russian President Vladimir Putin said: "Russia has absolutely nothing to do with it."
EU Commissioner for Security Julian King told the BBC on Monday that the EU was proposing legislation to reinforce cyber security in the wake of the attack.
Should people pay?
Companies in Asia and Europe have been warning employees to be careful when clicking on attachments and links in their emails.
The message from the UK's National Crime Agency was "do not pay!" - there is no guarantee that systems will be restored.
Michael Gazeley, of Network Box, a Hong Kong-based cyber-security firm, told Reuters there were still "many 'landmines' waiting in people's inboxes", adding that his firm had detected a new version that infected users directly via a malicious link on hacked websites.
Becky Pinkard, from Digital Shadows, a UK-based cyber-security firm, also said it would be easy for the initial attackers or "copy-cat authors" to change the virus code so it was difficult to guard against.
A UK security researcher known as "MalwareTech", who helped to limit the ransomware attack, had predicted "another one coming ... quite likely on Monday".
MalwareTech, whose name was revealed in UK media to be 22-year-old Marcus Hutchins, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.
What's behind Microsoft's 'wake-up call' warning?
The computing giant said the tool used in the current attack had been developed by the US National Security Agency and was stolen by hackers.
It was highly critical of the way governments stored data on software vulnerabilities.
Microsoft president and chief legal officer Brad Smith said on Sunday: "We have seen vulnerabilities stored by the CIA show up on Wikileaks, and now this vulnerability stolen from the NSA has affected customers around the world.
"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen."
The organisation also said that many organisations had failed to keep their systems up to date, allowing the virus to spread.
Microsoft said it had released a Windows security update in March to tackle the problem involved in the latest attack, but many users were yet to run it.
How to protect yourself from a ransomware attack
- Always update your computer's operating system when new versions are available
- Make sure firewall and anti-virus software is up to date and fully operational
- Back up your data regularly on a device that is not connected to any network
- Be careful when opening emails - don't automatically trust emails from people you know
- Think before you open any attachments (even PDFs can be a risk)
- If you are the victim of a ransomware attack, report it via the CERT website
- Reuters / BBC