Microsoft researchers have revealed evidence of a malware operation targeting multiple organizations in Ukraine in the wake of last week’s cyber attack on Ukrainian government websites. The new attack is deploying Master Boot Records (MBR) wiper malware disguised as ransomware. According to Microsoft, the malware first appeared on the victimized systems on January 13. 

The organizations attacked include government agencies that provide assistance to the executive branch or emergency response functions. An IT firm that manages websites for public and private sector clients was also attacked. Microsoft said the known victims most likely do not represent the full scale impact of the attack. The malware first overwrites the mBR and displays a ransom note and then executes wiper malware while the device is powered down. Researchers believe the attackers are not part of a cybercriminal ransomware group.

Read more: Ukraine: Wiper malware masquerading as ransomware hits government organizations