"Let’s move off this platform as soon as possible." In the case of Accellion's FTA, reverse engineering enabled attackers to drop a web shell - a script that enables remote execution of commands - onto any server running the FTA software, according to FireEye's Mandiant incident response group, which Accellion hired to investigate. The web shell allowed attackers to bypass authentication, remotely execute code on the vulnerable systems and steal data. In at least some cases, stolen data ended up in the hands of the Clop ransomware gang, which has been offering to sell it or to remove it if victims pay a ransom (see: