Urgent Security Threat Prompts Progress Software to Advise ShareFile Storage Zone Controller Shutdown
Progress Software has issued an urgent directive to **ShareFile** customers utilizing **Storage Zone Controllers**, advising an immediate shutdown of their servers due to a "credible external security threat." The company has temporarily disabled access for affected accounts and is working with cybersecurity experts to investigate the nature of the threat.
Progress Software, the company behind the **ShareFile** enterprise secure file sharing and collaboration platform, has alerted customers to a significant security concern.
The alert specifically targets organizations that deploy **Storage Zone Controllers** on-premise. These controllers enable companies to host files locally while leveraging **ShareFile**'s cloud for authentication and collaboration.
### Immediate Action Required for On-Premise Deployments
**Progress Software**'s communication, titled "Service Disruption. Immediate Action Required," urges customers to take swift action. "We have reason to believe there is a credible external security threat targeting **Progress Software**'s **ShareFile Storage Zone Controllers,"** the email states.
Crucially, customers are instructed not only to expect temporary access restrictions from **Progress Software** but also to manually shut down the Windows servers hosting their **Storage Zone Controllers**. This suggests the threat cannot be fully mitigated by cloud-side controls alone.
### Understanding Storage Zone Controllers
**Storage Zone Controllers** are typically internet-accessible servers because they manage file transfers between the **ShareFile** cloud platform and customer-managed storage. In hybrid deployments, the **ShareFile** cloud authenticates users and directs requests to the appropriate **Storage Zone Controller** for file access.
### No Indication of Compromise Yet
As of the initial alert, **Progress Software** stated, "Currently, we have no indication of unauthorized access to any **Progress ShareFile** accounts or data." The company emphasized that the temporary restrictions and shutdown directive are out of "an abundance of caution" while an investigation, involving internal and external cybersecurity experts, is underway.
### Parallels to Previous Incidents
This incident bears similarity to past attacks on enterprise file transfer and file sharing software. Notably, in 2023, the **Clop** extortion gang exploited a zero-day vulnerability in **Progress MOVEit Transfer** to steal data from numerous organizations, leading to widespread extortion campaigns. Attackers continue to target internet-facing managed file transfer and enterprise file-sharing platforms due to the sensitive data they often handle.
**Progress Software** has not yet disclosed whether the current threat involves a zero-day vulnerability or if any **Storage Zone Controllers** have been compromised. Customers are awaiting further updates within 24 hours.
