Microsoft has attributed the attack to a group it calls Lace Tempest. The group is known for deploying a strain of ransomware called Clop, and an associated website where it displays its spoils – and where it posts stolen details of victims who didn’t pay.
Source: The Guardian