Security News > 2021 > November > Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software

Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software
2021-11-10 12:28

Stor-a-File, a British data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP software.

"The medical company used Stor-a-file for the scanning of paper documents including medical records," our reader told us.

"From our investigations," continued Stor-a-File's statement, "The incident is limited to the small number of records we hold electronically. Everyone whose data may have been affected has been contacted. The millions of company and organisation records, held physically in boxes on shelves in our warehouses were unaffected."

We have asked NHS Digital for comment on whether NHS patient data was affected in the breach, though Stor-a-File assured us they were not.

Health records processed by Stor-a-File included HIV and genitourinary clinic records, finance department records and invoices, oncology and HR files "And many more" to quote the firm itself.

"The first indicator of compromise for the exploitation of this vulnerability are suspicious entries in a Serv-U log file named DebugSocketlog.txt. This log file is usually located in the Serv-U installation folder. Looking at this log file it contains exceptions at the time of exploitation of CVE-2021-35211," said NCC Group.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/11/10/stor_a_file_ransomware_attack_solarwinds_serv_u/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-35211 Out-of-bounds Write vulnerability in Solarwinds Serv-U
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.
network
low complexity
solarwinds CWE-787
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 103 81 51 268