The ransomware group targeting WS_FTP are targeting the web version.  Shodan search: html:"WS_FTP"

Add ssl:yourorg.domain to narrow down your assets, e.g.

https://cyberplace.social/system/media_attachments/files/111/171/185/724/021/253/original/b4fdb387e8b1ff57.png