The REvil group claims its malware, which initially targeted US IT firm Kaseya, has hit one million "systems".
This number has not been verified and the exact total of victims is unknown.
However, it does include 500 Swedish Coop supermarkets and 11 schools in New Zealand.
Two Dutch IT firms have also been hit, according to local media reports.
On Friday, cyber-security firm Huntress Labs estimated about 200 firms had been affected.
The "supply chain" attack initially targeted Kaseya, before spreading through corporate networks that use its software.
Kaseya said that fewer than 40 of its own customers had been affected.
But because Kaseya provides software to managed service providers, firms which themselves provide outsourced IT services to other companies, the number of victims may be much greater.
And the number of individual computer systems within those victim organisations could be greater still.
Kaseya chief executive Fred Voccola told the Associated Press that the number of victims would probably be in the low thousands, made up of small organisations such as dental practices and libraries.