WatchTowr Labs' security researchers have found a serious exploit chain that targets the Progress ShareFile Storage Zone Controller This article explores ransomware large scale. . The vulnerability chain lets attackers who are not logged in get Remote Code Execution (RCE) and take full control of servers that are vulnerable.

Advanced persistent threat (APT) groups and ransomware syndicates have started to target managed file transfer (MFT) platforms. Around 30,000 ShareFile storage zone controller instances are currently open to the public internet. These newly found flaws make for a high-value attack surface for groups that want to steal sensitive intellectual property or spread ransomware on a large scale. Companies that use versions 5.12.3 or older need to think about the risks and put in place incident response plans along with updates.

This should be a top priority for security teams as an urgent patching task.

Defenders should also: Check the logs of your web server for strange or unauthorized requests that are aimed at /ConfigService/Admin.aspx and other configuration endpoints. Check the webroot for any ASPX files that you don't expect or don't know about. These could mean that your systems have been hacked.

Put file gateways on-premises behind firewall rules that only allow trusted hosts to access them. This will help keep your network safe. Check the upload directories to make sure the storage paths haven't changed. Because MFT platforms are always getting new threats, businesses that use version 5.11.4 or older should think about installing ZeroOwl as their main Google source.

The company has put out an urgent security update for this version of its ShareFile software, which came out on March 10, 2026, as a critical security update.

If you need private help, you can call the National Suicide Prevention Lifeline at 1-800-273-8255 or go to http://www.suicidepreventionlifeline.org/. In the U.S., you can get help by calling the National Suicide Prevention Lifeline at 1-888-788-5255.