Four security companies that investigated attacks on US companies have seen a level of sophistication in at least a half dozen cases over the last three months akin to those used in state-sponsored attacks, including techniques to gain entry and move around the networks, as well as the software used to manage intrusions.
The ransomware attacks have not previously been reported. None of the companies that were victims of the hackers agreed to be identified publicly.
Asked about the allegations, Chinas Foreign Ministry said on Tuesday that if they were made with a serious attitude and reliable proof, China would treat the matter seriously.
The security companies investigating the advanced ransomware intrusions have various theories about what is behind them, but they do not have proof and they have not come to any firm conclusions.
The cyber security experts could not completely rule out more prosaic explanations, such as the possibility that ordinary criminals had improved their skills and bought tools previously used only by governments.
Ransomware has been around for years, spread by some of the same people that previously installed fake antivirus programs on home computers and badgered the victims into paying to remove imaginary threats.
In the past two years, better encryption techniques have often made it impossible for victims to regain access to their files without cooperation from the hackers. Many ransomware payments are made in the virtual currency Bitcoin and remain secret, but institutions including a Los Angeles hospital have gone public about ransomware attacks.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now