Tech giant Microsoft has warned that cyber hackers attacking SharePoint servers are now using ransomware.
According to Reuters, in a blog post late on Wednesday, July 23, Microsoft said that after “expanded analysis and threat intelligence,” they have found that the hacker group, which it describes as “Storm-2603,” is using a software vulnerability to spread ransomware.
Ransomware is a type of malware that forces the networks of the victim to stop until they pay a digital currency ransom.
As per Netherlands-based cybersecurity firm Eye Security, it noted that Strom-2603 is different from typical state-based hacker campaigns that want to steal data, as ransomware causes major disruptions wherever it hits.
The new details revealed that the cyber attackers have escalated their attacks, which have already affected at least 400 victims.
Vaisha Bernard, the chief hacker for Eye Security, one of the first organisations that highlighted the breach, said, “There are many more, because not all attack vectors have left artefacts that we could scan for.”
Although the names of the organisations hit by the attack are not revealed yet, the National Institutes of Health confirmed that one of its servers was hacked, after which they isolated other servers to prevent any further damage.
Other reports suggested that the cyberattacks hit over a dozen US government agencies, including Homeland Security and the National Nuclear Security Administration.
