The ransomware group targeting WS_FTP are targeting the web version. Shodan search: html:"WS_FTP" Add ssl:yourorg.domain to narrow down your assets, e.g. https://cyberplace.social/system/media_attachments/files/111/171/185/724/021/253/original/b4fdb387e8b1ff57.png