An org hit by ransomware is telling me the threat actor got in via WS_FTP, for infos, so you might want to prioritise patching that. #threatintel
@f7d0478e Only a few days ago people were ridiculing this vulnerability because there were "only 550 servers" connected online. Looks like ransomware gangs didn't give a shit about the infosec community's opinions once again.
The ransomware group targeting WS_FTP are targeting the web version. Shodan search: html:"WS_FTP" Add ssl:yourorg.domain to narrow down your assets, e.g. https://cyberplace.social/system/media_attachments/files/111/171/185/724/021/253/original/b4fdb387e8b1ff57.png