CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News

Someone else looking for some fame, it seems, managed to reverse engineer our changes that we had bundled up and published a public disclosure detailing the exploit method and taking credit for the vulnerability,” a spokesperson for CrushFTP told Recorded Future News. The warnings to customers of CrushFTP — used by thousands of companies to send and receive important data — have increased over the last two weeks, with the Cybersecurity and Infrastructure Security Agency (CISA) confirming on Monday that the bug is being exploited. Federal cybersecurity officials as well as incident responders at cyber companies say hackers are exploiting a vulnerability within the popular file transfer tool Crush. Outpost24 and multiple incident response companies confirmed that organizations are being attacked through the bug and both Shadowserver as well as Censys said there are hundreds of exposed CrushFTP instances on the internet. Outpost24 contacted CrushFTP on March 13 and planned to wait 90 days before publicly disclosing the vulnerability — in an effort to give customers a chance to patch. The CrushFTP spokesperson said now that the vulnerability is weaponized, the company will send another email urging customers to update their systems. CrushFTP is the latest file transfer software to face mass exploitation following repeated attacks on popular tools from Cleo, MOVEit, GoAnywhere and Accellion. The spokesperson noted that there are workarounds that mitigate the vulnerability but would not show up in internet scans, potentially skewing the number of unpatched servers seen by Shadowserver and Censys. Over the last two weeks, defenders have warned that hackers are now exploiting the bug and on Monday, the Kill ransomware gang claimed it had "obtained significant volumes of sensitive data" by exploiting CVE-2025-31161. Last Friday, American food manufacturing giant WK Kellogg confirmed that hackers stole employee information through the Cleo file transfer tool.

This Cyber News was published on therecord.media. Publication date: Tue, 08 Apr 2025 18:10:28 +0000

Cyber News related to CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
7 months ago Cybersecuritynews.com

10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
6 months ago Cybersecuritynews.com

'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media

CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News - Someone else looking for some fame, it seems, managed to reverse engineer our changes that we had bundled up and published a public disclosure detailing the exploit method and taking credit for the vulnerability,” a spokesperson for CrushFTP told ...
6 months ago Therecord.media CVE-2025-31161

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 year ago Therecord.media

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta

CISA says it will continue to monitor Russian cyber threats | The Record from Recorded Future News - Both The Guardian and Washington Post bolstered the claims about CISA by saying a recent speech on critical infrastructure cyber threats by a senior State Department official did not mention Russia. The story emerged on Friday around the same time as ...
7 months ago Therecord.media

Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News - While the group is based in China, Microsoft previously said it is “unable to confidently assess the threat actor’s objectives.” The two other Chinese groups identified with the so-called “ToolShell” campaign — Linen Typhoon and Violet ...
2 months ago Therecord.media CVE-2025-49706

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit

Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
1 year ago Techrepublic.com

The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
1 year ago Bleepingcomputer.com LockBit Inc ransom Black Basta

Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit

Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape

Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base

Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
1 year ago Bleepingcomputer.com

What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 year ago Cyberdefensemagazine.com Akira

10 Best Dark Web Monitoring Tools in 2025 - DarkOwl is a comprehensive dark web monitoring tool that provides organizations with real-time intelligence on emerging threats and data breaches. Recorded Future is a comprehensive dark web monitoring tool that leverages machine learning and ...
2 months ago Cybersecuritynews.com

Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com

Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS

Researchers link 3AM ransomware to Conti, Royal cybercrime gangs - Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. The 3AM ransomware gang's activity was first ...
1 year ago Bleepingcomputer.com Blacksuit LockBit Threeam

FBI: Royal ransomware asked 350 victims to pay $275 million - The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. In an update to the original advisory published in March with additional information ...
1 year ago Bleepingcomputer.com Blacksuit

Food and agriculture sector hit with more than 160 ransomware attacks last year - The U.S. food and agriculture sector dealt with at least 167 ransomware attacks last year, according to the leading industry group. In its first annual report, the Food and Agriculture-Information Sharing and Analysis Center said the industry was the ...
1 year ago Therecord.media 8base LockBit Akira Snatch

CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News

Cyber News related to CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)