“If it turns out that Russia is pummeling Ukraine with cyberattacks,” he said, “and if that continues over the period ahead, we will work with our allies on the appropriate response.”
Understand the Escalating Tensions Over Ukraine
Mr. Sullivan said that the United States had been working with Ukraine to harden its systems and American networks if the string of ransomware and other attacks from Russia accelerates in the United States.
For President Vladimir V. Putin of Russia, Ukraine has often been a testing range for cyberweapons.
An attack on Ukraine’s Central Election Commission during a presidential election in 2014, in which Russia sought unsuccessfully to change the result, proved to be a model for the Russian intelligence agencies; the United States later found that they had infiltrated the servers of the Democratic National Committee in the United States. In 2015, the first of two major attacks on Ukraine’s electric grid shut off the lights for hours in different parts of the country, including in Kyiv, the capital.
And in 2017, businesses and government agencies in Ukraine were hit with destructive software called NotPetya, which exploited holes in a type of tax preparation software that was widely used in the country. The attack shut down swaths of the economy and hit FedEx and the shipping company Maersk as well; American intelligence officials later traced it to Russian actors. That software, at least in its overall design, bears some resemblance to what Microsoft warned of on Saturday.
The new attack would wipe hard drives clean and destroy files. Some defense experts have said such an attack could be a prelude to a ground invasion by Russia. Others think it could substitute for an invasion, if the attackers believed a cyberstrike would not prompt the kind of financial and technological sanctions that Mr. Biden has vowed to impose in response.
John Hultquist, a leading cyberintelligence analyst at Mandiant, said on Sunday that his firm had been telling its clients “to prepare for destructive attacks, including attacks that are designed to resemble ransomware.”
He noted that the Russian hacking unit known as Sandworm, which has since been closely linked to the Russian military intelligence agency, the G.R.U., had spent recent years developing “more sophisticated means of critical infrastructure attack,” including in Ukraine’s power grid.