Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software

Stor-a-File, a British data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP software. The company informed its clients about the September attack, and told The Register that it refused to pay. We understand some data has been leaked by …

  1. IGotOut Silver badge

    Whataboutism.

    "The millions of company and organisation records, held physically in boxes on shelves in our warehouses were unaffected."

    Yeah, so we ran unpatched, insecure software facing the Internet, but hey, look at all these paper records they couldn't get to!

    1. Version 1.0 Silver badge
      Thumb Up

      Re: Whataboutism.

      Internet access is the standard these days for everyone ... is malware just a "feature"? At least we now know that it was done ...

    2. chasil

      ROP Gadgets

      What is more interesting is that a ROP gadget exploit was used to attack the server.

      OpenBSD goes to great lengths to defeat ROP gadget attacks. The compiler is modified to exclude certain machine instructions at the ends of functions, and the ASLR runs so deep that the kernel and C libraries are relinked at every boot to randomize locations in memory.

      "Tracked as CVE-2021-35211, the Serv-U vuln allowed an attacker to achieve remote code execution through what Microsoft described as a Return Oriented Programming attack, as we reported at the time."

      For SFTP services, OpenBSD is in the top tier for security.

      https://www.openbsd.org/papers/asiabsdcon2019-rop-paper.pdf

      1. Anonymous Coward

        Re: ROP Gadgets

        "For SFTP services, OpenBSD is in the top tier for security."

        That's why I am happy with my current ISP, they run their entire platform on FreeBSD. It means I have web services, SFTP access and a usable command line via SSH with fewer security worries (unless, of course, I'm an idiot and choose simple passwords :) ). They also serve financial institutions, which means I have the added benefit of the security processes that that imposes on them as well (one of the reasons I chose them in the first place, it's an old trick).

        This is why I like interoperability in general - a non-homogenous platform avoids the cascade effect you get when a new vulnerability exposes otherwise an entire platform.

    3. HildyJ Silver badge
      FAIL

      Re: Whataboutism.

      It seems the security which their website touts ("Each step of every one of our services is conducted by experienced industry professionals in accordance with strict quality and security standards.") was designed and developed for the physical security of their documents.

      Some 'bright' soul decided scanning those documents would be a new revenue stream and they had no clue how to secure it or keep it secure.

      Ignoring priority updates that close actively exploited malware holes is suboptimal.

  2. badflorist

    Serv-U .. ?

    Is this the same Serv-U that was used by FTP scanners 20 years ago...? The one that on Windows had a green tray icon, maybe blue and red in there too? That was a very popular/deployable package for scanners, it was on a lot of systems (at least Windows based).

    I ran a private and very loose NT "server" for Games employee resources and one day that little fucker started showing up in logs. After its removal they kept on scanning, and scanning, and scanning. On the upshot, one of the things they dropped off was a "pre" of Donnie Darko, so it wasn't all bad.

    Either way, it's been a while since I've seen that name.

    1. Zippy´s Sausage Factory
      Unhappy

      Re: Serv-U .. ?

      I'd also forgotten it existed until my hosting service told me they were discontinuing use of it a couple of weeks ago. Which made me laugh as I'm on their Linux platform. Then they made me sad by telling me they were discontinuing that, too.

    2. Anonymous Coward

      Re: Serv-U .. ?

      Hmm, this relates. McAfee AV had a habit for *years*, likely still true, of irretrievably deleting any file that had the 13 char string "Serv-U Daemon" inside. No way around it. No notice, no explanation.

      The horror of McAfee and most viruses are just about equal, in my view.

  3. Anonymous Coward

    More microshite software being used

    To pass personal data to criminals. The time has passed for the use of persistently negligent software from this shit show. They seem to spend more effort to embarrass competitors by trawling binary code than simply looking at their own source code of failure.

    1. X5-332960073452
      Megaphone

      Re: More microshite software being used

      Did you even RTFA, not one mention of MS

  4. Anonymous Coward

    FTFUCKINGP

    Shoot the lot of them

  5. Anonymous Coward

    august attack in september .. uh?

    "... suffered a ransomware attack in _August_ that exploited an unpatched instance of SolarWinds' Serv-U FTP software.

    The company informed its clients about the _September_ attack, and told The Register that it refused to pay."

  6. Anonymous South African Coward Silver badge

    We run a filezilla ftp server, but it goes into a DMZ.

    If they haxx0r it, they'll get nowhere. And there's nothing worth to steal anyway.

  7. Cuddles Silver badge

    Impressive job

    ""We have now removed all third party software from our secure system to prevent any similar issues in the future," said Stor-a-File."

    All third party software? Really? They've written not only all their own software in-house, but an entire OS as well? If they're able to do that on such short notice, one can't help wondering why they were running outdated versions of third party software in the first place.


Biting the hand that feeds IT © 1998–2022