Cybersecurity researchers tied string of attacks targeting Accellion servers to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in legacy FTA software to install a new web shell named DEWMODE on victim networks and exfiltrating sensitive data. No ransomware was actually deployed in any of the recent incidents that hit organizations in the U.S., Singapore, Canada, and the Netherlands, with actors resorting to extortion emails to threaten victims into paying bitcoin ransoms.
Source: https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html