Credited from: DAWN
Microsoft has identified a notable escalation in cyber-espionage activities involving its SharePoint server software, now extending to the deployment of ransomware by a group it refers to as "Storm-2603." This group exploits vulnerabilities in the software to infect systems, paralyzing networks until victims make cryptocurrency payments to restore access, according to Reuters and Dawn.
Initially, investigations into SharePoint vulnerabilities focused on data exfiltration; however, the recent trend indicates a shift toward financial extortion. “The attack starts with the exploitation of an internet-facing SharePoint server,” Microsoft's Threat Intelligence team explains, highlighting the use of the "Warlock" ransomware in these new attacks. This shift has implications for a broad range of sectors, including government, energy, and consulting, as noted by India Times.
Reports indicate that the number of impacted organizations has surged from 100 to at least 400, a number that cybersecurity firm Eye Security claims might be an undercount. “There are many more, because not all attack vectors have left artifacts that we could scan for,” said Eye Security’s chief hacker, Vaisha Bernard, according to Reuters and Dawn.
Compromised U.S. government agencies include the Department of Homeland Security and several others, revealing the extensive reach of the hacking campaign. Responses from government cybersecurity arms have yet to clarify the full impact of these breaches, especially since Microsoft suspects state-sponsored hackers, including those from China, are exploiting the flaws. Beijing has denied these allegations, as noted by India Times and Reuters.
To combat the attacks, Microsoft has recommended organizations using on-premises SharePoint servers implement specific security measures, such as enabling Antimalware Scan Interface (AMSI) integration and deploying Defender Antivirus across affected servers. Disconnecting from the internet has also been advised if vulnerabilities cannot be patched adequately, according to India Times.