Microsoft said the attackers targeted a wide variety of systems within an hour on Tuesday, adding that it was unable to link the attacks to any known group so far.
However, the researchers found that the hacks closely mirrored previous attacks by a cyber team linked to the Russian government that disrupted Ukrainian government agencies.
Ukraine has been the target of several cyberattacks launched by Russia since the conflict began in late February, according to Western security researchers and senior government officials.
The Russian Embassy in Washington did not immediately respond to a request for comment from Reuters, as well as the cybersecurity agencies of Ukraine and Poland.
Microsoft said that victims of the new ransomware, called Prestige, are interfering with victims of another cyber attack that targeted data that included the publication of the malware FoxLoad or HermeticWiper.
This attack had infected hundreds of computers in Ukraine, Lithuania and Latvia at the start of Russia’s war on Ukraine.
Microsoft said the Prestige ransomware works by encrypting victims’ data, leaving a ransom note stating that the data can only be unlocked by purchasing a decryption tool.
In several cases, the researchers noticed that the hackers had gained control of the victims’ systems administrator rights before the ransomware was released, indicating that they stole their credentials earlier and were waiting for the right moment.