A malware family has infected more than 2.6 million Windows XP machines in Russia and is targeting security software, software developers and users.
According to the malware group, the malware is known as Petya, and it is distributed on the Dark web, which is restricted to the most advanced criminals and criminal gangs.
“A malicious software package named Petyaa has been discovered on a Windows XP machine belonging to a developer,” the malware authors wrote.
The researchers added that the malware contains code that targets “some Windows 7 software” and the ransomware’s author is identified as a “Russian hacker.”
The Windows XP operating system has been updated since April 7 and users are urged to stop using it until the update is out.
Microsoft has already said it will release a patch on April 14 to fix the Windows XP issue, but it will be a long wait.
In February, Windows XP users in Russia found out about the malware after an employee at a cybersecurity firm reported that his computer was infected with Petyaaa malware.
Several users who were infected by the malware reported being able to download files from the dark web.
After being told by the company to uninstall the ransomware, the employee said that the infection stopped.
However, Microsoft later confirmed the existence of the Petyaias malware and it has been reported in more than 70 countries.
Experts have warned that a number of ransomware infections are being attributed to malware known as CryptoWall, which was developed by an Israeli company called NetApp and is based on the code of CryptoWall.
It uses CryptoWall’s cryptographic function and encrypts files using a different method.
NetApp said it has already patched the Peshaa infection and said that it has removed the malware from its own network.
Petyaa was first spotted in Russia in March 2015, but the researchers at Trend Micro say it is now being used by at least a dozen different criminal groups.
Security firm Symantec warned in February that Petyaea had infected more Microsoft Windows systems than all other ransomware infections combined, and Symantep also noted that some Petyakas had been detected in the wild.
This article was updated to include additional information about the threat.
You can follow Live Science on Twitter @livescience.
Follow Live Science for the latest in science news and discoveries on Twitter at @lmscience and on Facebook.