On July 10, 2026, Progress Software issued an urgent notification directing customers running ShareFile Storage Zone Controllers to immediately shut down their Windows servers due to a credible external security threat. Progress also temporarily disabled access between affected Storage Zone Controllers and the ShareFile cloud service as a precaution while the investigation continues.
At this time:
- Progress has not disclosed the nature of the threat.
- Progress states it has no current indication of unauthorized access to ShareFile accounts or data.
- Only customers using Storage Zone Controllers are affected. Cloud-only ShareFile tenants are reportedly not impacted.
- Progress has instructed customers to manually power off the servers hosting Storage Zone Controllers as a critical protection measure.
Why This Is Concerning
Storage Zone Controllers are typically:
- Internet-facing
- Responsible for file uploads/downloads
- Positioned between ShareFile cloud services and customer-controlled storage systems
Because they sit at the edge of the network and handle sensitive file transfers, they are attractive targets for threat actors.
Recommended Actions for IT Teams
If your organization uses ShareFile Storage Zone Controllers:
- Follow Progress guidance and power down affected Storage Zone Controller servers immediately.
- Preserve logs before making changes:
- Windows Event Logs
- IIS Logs
- ShareFile Logs
- EDR telemetry
- Review internet-facing access to the Storage Zone Controller.
- Check for:
- Unusual service creation
- New local administrator accounts
- Unexpected scheduled tasks
- Suspicious PowerShell execution
- Web shell indicators
- Monitor Progress advisories for updated guidance and remediation steps.
- Consider engaging your incident response team if sensitive data traverses the affected environment
The fact that Progress instructed customers to completely shut down servers instead of simply applying firewall restrictions or disabling services suggests the company considers the threat sufficiently severe that isolation alone may not be adequate. While no compromise details have been released, this response is unusual and should be taken seriously
What Helient Customers Should Know
For law firms and professional services organizations, ShareFile often contains highly sensitive documents including litigation files, financial records, HR records, and client communications. Any organization running an on-premises Storage Zone Controller should treat this as a potential security incident until more technical details are released. While Progress currently reports no evidence of customer data compromise, the directive to immediately shut down servers indicates a potentially serious threat actor activity under investigation.
Bottom Line
If you are using ShareFile Storage Zone Controllers, follow the vendor's instruction to shut down the servers and monitor Progress for further updates.
If you would like more information or assistance on implementing the recommended remediation steps, please contact our industry-leading experts at service@helient.com.