Microsoft says some SharePoint server hackers now use ransomware

In a significant revelation, Microsoft has reported that a cyber-espionage campaign targeting vulnerable versions of its server software has escalated to include ransomware attacks. The tech giant made this announcement through a blog post on Wednesday, highlighting the activities of a group identified as "Storm-2603." These attackers are exploiting a known vulnerability in SharePoint servers to deploy ransomware, which effectively immobilizes the networks of its victims until a ransom is paid in digital currency. This development signals a worrying intensification of the campaign, which has already impacted at least 400 organizations, as noted by cybersecurity firm Eye Security based in the Netherlands. The increase in the number of affected victims represents a sharp jump from the 100 organizations reported over the previous weekend. Eye Security's chief hacker, Vaisha Bernard, indicated that the actual number of victims is likely even higher, stating, "There are many more, because not all attack vectors have left artifacts that we could scan for." While the identities of most impacted organizations remain undisclosed, it has been confirmed that one of the servers belonging to the National Institutes of Health was compromised, prompting the isolation of additional servers as a precautionary measure. This campaign began following Microsoft's incomplete patch of a security vulnerability in its SharePoint server software, triggering urgent efforts to address the flaw. Both Microsoft and Google’s parent company, Alphabet, have alleged that Chinese hackers are among those exploiting this vulnerability, a claim that Beijing has denied. The situation continues to evolve as more organizations grapple with the ramifications of this cybersecurity threat.