SharePoint-ageddon attacks riddled with free Warlock ransomware - and thousands of services could be compromised

• A remote code bug in SharePoint lets hackers hijack systems without even logging in
• Storm-2603 is exploiting unpatched servers using chained bugs to gain long-term access undetected
• ToolShell scored a perfect 10 on Bitsight’s risk scale, triggering immediate federal concern

A critical flaw in on-premises Microsoft SharePoint Servers has escalated into a wider cybersecurity crisis, as attackers move from espionage to extortion.

The campaign, initially traced to a vulnerability that allowed stealthy access, is now distributing ransomware, a development that adds an alarming layer of disruption to what was previously understood as a data-focused intrusion.

Microsoft has linked this pivot to a threat actor it refers to as “Storm-2603,” and victims whose systems have been locked out must pay a ransom, typically in cryptocurrency.