Nonetheless, intruders managed to steal the data of several Accellion FTA users. Several high-profile press reports<\/a> about the leaks<\/a> followed. Apparently, not all of the victims agreed to pay the ransom, so the attackers carried out their threat to share the data they\u2019d stolen.<\/p>\n Recently, we registered mass e-mails aimed at compromising victims\u2019 reputations in the eyes of employees, clients, and partners, as well as compet itors. The extent of the mailings and the sources of the addresses are not known for sure, but it seems the cybercriminals were trying to reach as many viewers as they could.<\/p>\n The attackers\u2019 e-mail to employees, clients, partners, and competitors.<\/p><\/div>\n The messages urged recipients to use the Tor browser to visit a .onion site, and they claimed the website got tens of thousands of hits per day. Among the purported visitors: all kinds of hackers and journalists able to cause even greater damage to a company\u2019s infrastructure and reputation. Interestingly, the site belongs to the CL0P group, which specializes in ransomware, although in the attacks through the Accellion FTA vulnerabilities, the files were not encrypted. The hackers, it seems, took advantage of this convenient platform.<\/p>\n Of course, the aim is to intimidate other victims. Incidentally, both the e-mail and website contain details for contacting the attackers so as to get the published files removed, although there is little point once the information is out there.<\/p>\n It is also worth noting that the site features an ad offering lessons for administrators on closing the vulnerabilities through which data was stolen \u2014 for $250,000 in bitcoin.<\/p>\n Offer to help potential victims avoid the same fate.<\/p><\/div>\n We rather doubt anyone will bite. For starters, the developers have already released updated versions of Accellion FTA, and anyway, asking for help is tantamount to admitting that you can\u2019t close the vulnerability and it\u2019s still exploitable.<\/p>\n First, update Accellion FTA \u2014 or better, stop using the solution altogether (even the developers advise that).<\/p>\n Second, update all software products and services that have access to the Internet. It\u2019s important to do that right away but also to ensure ongoing, timely updates.<\/p>\n In addition, protect every device \u2014 be it a workstation, server, or hardware\/software solution \u2014 with a modern security product<\/a> that can detect attempts to exploit vulnerabilities, including unknown ones.<\/p>\nHow cybercriminals publish data<\/h2>\n
![\"The](\"https:\/\/www.accellion.com\/sites\/default\/files\/trust-center\/accellion-fta-attack-timeline.png\")
<\/a><\/a>How to protect your company against such attacks<\/h2>\n