Progress Software is warning ShareFile customers who use Storage Zone Controllers to immediately take their servers offline, after the company identified what it describes as a “credible external security threat” targeting the on-premises component of its file-sharing platform.
ShareFile is Progress’ enterprise secure file sharing and collaboration platform. While many customers store files entirely in Progress’ cloud, organizations can instead deploy Storage Zone Controllers on their own Windows servers, keeping files on local storage while still relying on ShareFile’s cloud service for authentication, user management, and collaboration. Because these controllers broker file transfers between the cloud and customer-managed storage, they are typically exposed to the internet.
In an email sent to customers and titled “Service Disruption. Immediate Action Required,” Progress said it has “reason to believe there is a credible external security threat targeting Progress Software’s ShareFile Storage Zone Controllers.” The company stated it currently has no indication of unauthorized access to ShareFile accounts or data, but as a precaution has temporarily disabled cloud access to accounts using Storage Zone Controllers.
Notably, Progress is telling customers that disabling cloud access is not sufficient on its own. The email instructs administrators to manually shut down the Windows servers hosting their Storage Zone Controllers as a “critical additional step to ensure the safety” of their data.
The ShareFile status page currently confirms that customers using Storage Zone Controllers are not operational. Progress says the restrictions were implemented out of an “abundance of caution” while it works with internal and external cybersecurity experts to investigate, and it plans to provide another update within 24 hours.
Progress has not disclosed whether the threat involves a zero-day vulnerability, nor has it confirmed whether any Storage Zone Controllers have already been compromised. A company spokesperson referred inquiries back to the same details shared with customers via email.
Why this matters
The warning echoes previous large-scale attacks against enterprise managed file transfer software. In 2023, the Clop extortion gang exploited a zero-day in Progress’ MOVEit Transfer product to steal data from thousands of organizations before launching a mass extortion campaign. Internet-facing file transfer and file-sharing platforms have remained a favored target since, given the volume of sensitive data they typically handle.
- Customers running ShareFile Storage Zone Controllers should manually shut down affected Windows servers as instructed by Progress.
- Monitor the official ShareFile status page and Progress communications for updates.
- Review logs on Storage Zone Controller servers for signs of unauthorized access while awaiting further guidance.
