Microsoft warns of ransomware surge in SharePoint server attacks linked to Chinese hackers

Microsoft has issued a warring to organisations that are using on-premises SharePoint servers. The tech giant has confirmed that the hackers are exploiting vulnerabilities in its on on-premises SharePoint servers to deploy ransomware. The Microsoft Threat Intelligence team has identified a specific actor, designated Storm-2603, as being responsible for these new ransomware campaigns. Earlier, the exploration of SharePoint vulnerabilities led of data exfiltration, but the latest observations suggest motivated financial attacks leveraging the Warlock ransomware. Hackers are using the Warlock ransomware to paralyze networks and demand cryptocurrency payments.

How the attack works