Security News > 2021 > November > Stor-a-File hit by ransomware after crooks target SolarWinds Serv-U FTP software
Stor-a-File, a British data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP software.
"The medical company used Stor-a-file for the scanning of paper documents including medical records," our reader told us.
"From our investigations," continued Stor-a-File's statement, "The incident is limited to the small number of records we hold electronically. Everyone whose data may have been affected has been contacted. The millions of company and organisation records, held physically in boxes on shelves in our warehouses were unaffected."
We have asked NHS Digital for comment on whether NHS patient data was affected in the breach, though Stor-a-File assured us they were not.
Health records processed by Stor-a-File included HIV and genitourinary clinic records, finance department records and invoices, oncology and HR files "And many more" to quote the firm itself.
"The first indicator of compromise for the exploitation of this vulnerability are suspicious entries in a Serv-U log file named DebugSocketlog.txt. This log file is usually located in the Serv-U installation folder. Looking at this log file it contains exceptions at the time of exploitation of CVE-2021-35211," said NCC Group.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-14 | CVE-2021-35211 | Out-of-bounds Write vulnerability in Solarwinds Serv-U Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. | 10.0 |