Progress urges ShareFile admins to shut down servers over “credible” threat
3 mins read

Progress urges ShareFile admins to shut down servers over “credible” threat

Progress Software is emailing ShareFile customers who use Storage Zone Controllers to immediately shut down their servers after identifying what it describes as a “credible external security threat” targeting the on-premises secure file-sharing software.

ShareFile is Progress Software’s enterprise secure file sharing and collaboration platform that allows customers to host their files in Progress’ cloud infrastructure.

However, organizations can opt to deploy Storage Zone Controllers to on-premise Windows servers to allow files to remain hosted locally within an organization’s own storage while continuing to use ShareFile’s cloud platform for authentication, user management, sharing, and collaboration.

In these hybrid deployments, the ShareFile cloud authenticates users and determines which Storage Zone contains their files. When a user uploads or downloads a file, ShareFile directs the request to the organization’s Storage Zone Controller, which retrieves or stores the file on the company’s own storage before transferring it to the user.

Because Storage Zone Controllers handle file transfers between the cloud platform and and customer-managed storage, they are typically Internet-accessible servers.

The warning, sent to customers in an email last night and seen by GeekFeed, is titled “Service Disruption. Immediate Action Required.”

“We have reason to believe there is a credible external security threat targeting Progress Software’s ShareFile Storage Zone Controllers,” reads the email.

“Currently, we have no indication of unauthorized access to any Progress ShareFile accounts or data. As a precaution, we have temporarily disabled access to ShareFile accounts using the Storage Zone Controllers, including yours.”

Progress is also instructing customers to manually shut down the Windows servers hosting Storage Zone Controllers, indicating that disabling access through the ShareFile cloud platform is not enough to mitigate the threat.

“You must manually shut down the server hosting your Storage Zone Controllers. This is a critical additional step to ensure the safety of your data,” the company told customers.

Progress says it implemented temporary restrictions out of an “abundance of caution” while working with internal and external cybersecurity experts to investigate the threat, and it plans to provide customers with another update within 24 hours.

The ShareFile status page now shows a warning stating, “ShareFile customers with Storage Zone Controllers are not operational at this time.”

ShareFile Warning
ShareFile Warning

Progress has not disclosed whether the threat involves a zero-day vulnerability or whether any Storage Zone Controllers have been compromised.

The warning is similar to previous attacks targeting enterprise file transfer and file sharing software.

In 2023, the Clop extortion gang exploited a zero-day vulnerability in Progress MOVEit Transfer to steal data from thousands of organizations before launching a widespread extortion campaign against victims.

Since then, attackers have continued targeting Internet-facing managed file transfer and enterprise file-sharing platforms due to the sensitive data they often expose.

A Progress spokesperson shared the same details provided to customers via email when asked by GeekFeed for more information on the cyber threat.

Leave a Reply

Your email address will not be published. Required fields are marked *