Security researchers investigating the massive cyberattack campaign on Tuesday reported signs of a possible North Korean link.
"We are open to investigate in all directions, but we don't speculate and we cannot confirm this. It's still too early to say anything," said senior spokesman for Europol, Jan Op Gen Oorth.
"We are working on it. The investigation is ongoing," he told AFP. "It could come from everywhere, it could come from any country."
Security researchers investigating the massive cyberattack campaign on Tuesday reported signs of a possible North Korean link, with one expert warning there could be more to come.
In the first clues of the origin of the massive ransomware attacks, Google researcher Neel Mehta posted computer code that showed similarities between the "WannaCry" malware and a vast hacking effort widely attributed to Pyongyang.
In signs however the attack was slowing, Europol said the number of affected IP addresses around the world was 163,745 -- a 38 percent percent fall from the 226,000 reported on Sunday.
The attack blocks computers and puts up images on victims' screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: "Ooops, your files have been encrypted!"
Europol, the cross-border policing agency which is based in The Hague, said some 243 payments of a total of about $63,000 (57,000 euros) had been made since the attack was launched late Friday.
Dutch cyber spy chief Rob Bertholee meanwhile refused to be drawn on the identity of the attacks at a top cyber security conference being held in The Hague.
The Netherlands has already fingered Pyongyang as a possible threat to its national digital systems, he said.
"Every state actor could be an actor in cyber space. But we are specifically worried about a limited number of state actors. In our list of favourite state actors you can find Russia, you can find China, you can find Iran."
"And I think we might have a very capable adversary in North Korea as well," he added.