Ransomware attacks on rise after hackers exploit SharePoint's server vulnerability

What began as a stealthy cyberattack on SharePoint Servers has now escalated into full-blown ransomware attacks, Microsoft confirmed in an update to a previously published blog post.

The company has announced that a hacking group it tracks as “Storm-2603” is exploiting a known vulnerability in Microsoft SharePoint Server to drop ransomware into victim networks. Instead of just stealing data, the attackers are now using ransomware to lock down systems and demand payment.

It’s worth noting that this cyberattack has already impacted at least 400 organizations, according to Dutch cybersecurity firm, Eye Security. That number is up sharply from around 100 known victims just a few days ago, and security experts believe the real count is much higher.

Vaisha Bernard, the firm’s lead hacker, said many victims may have gone unnoticed due to the widespread nature of the breach. “There are many more, because not all attack vectors have left artifacts that we could scan for,” she said.

The list of affected groups is still incomplete, but some high-profile breaches are beginning to surface. The National Institutes of Health confirmed that one of its servers was compromised. As a precaution, other systems were isolated. That’s not all, the U.S. nuclear weapons agency was reportedly also breached in SharePoint hack.

Other reports suggest the Department of Homeland Security and several additional U.S. agencies may also have been affected. Both Microsoft and Google have said that Chinese hackers are actively exploiting the flaw, but China has denied any involvement.