CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News

Someone else looking for some fame, it seems, managed to reverse engineer our changes that we had bundled up and published a public disclosure detailing the exploit method and taking credit for the vulnerability,” a spokesperson for CrushFTP told Recorded Future News. The warnings to customers of CrushFTP — used by thousands of companies to send and receive important data — have increased over the last two weeks, with the Cybersecurity and Infrastructure Security Agency (CISA) confirming on Monday that the bug is being exploited. Federal cybersecurity officials as well as incident responders at cyber companies say hackers are exploiting a vulnerability within the popular file transfer tool Crush. Outpost24 and multiple incident response companies confirmed that organizations are being attacked through the bug and both Shadowserver as well as Censys said there are hundreds of exposed CrushFTP instances on the internet. Outpost24 contacted CrushFTP on March 13 and planned to wait 90 days before publicly disclosing the vulnerability — in an effort to give customers a chance to patch. The CrushFTP spokesperson said now that the vulnerability is weaponized, the company will send another email urging customers to update their systems. CrushFTP is the latest file transfer software to face mass exploitation following repeated attacks on popular tools from Cleo, MOVEit, GoAnywhere and Accellion. The spokesperson noted that there are workarounds that mitigate the vulnerability but would not show up in internet scans, potentially skewing the number of unpatched servers seen by Shadowserver and Censys. Over the last two weeks, defenders have warned that hackers are now exploiting the bug and on Monday, the Kill ransomware gang claimed it had "obtained significant volumes of sensitive data" by exploiting CVE-2025-31161. Last Friday, American food manufacturing giant WK Kellogg confirmed that hackers stole employee information through the Cleo file transfer tool.

This Cyber News was published on therecord.media. Publication date: Tue, 08 Apr 2025 18:10:28 +0000

Cyber News related to CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
1 month ago Cybersecuritynews.com

10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
6 days ago Cybersecuritynews.com

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media

CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News - Someone else looking for some fame, it seems, managed to reverse engineer our changes that we had bundled up and published a public disclosure detailing the exploit method and taking credit for the vulnerability,” a spokesperson for CrushFTP told ...
4 days ago Therecord.media CVE-2025-31161

CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
6 months ago Therecord.media

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
10 months ago Securityaffairs.com

CISA says it will continue to monitor Russian cyber threats | The Record from Recorded Future News - Both The Guardian and Washington Post bolstered the claims about CISA by saying a recent speech on critical infrastructure cyber threats by a senior State Department official did not mention Russia. The story emerged on Friday around the same time as ...
1 month ago Therecord.media

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit

Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
1 year ago Techrepublic.com

The Evolution of Cyber Threats: Past, Present, and Future - Cyber threats have evolved significantly over time, posing increasing risks to individuals, organizations, and governments in our interconnected world. Let's explore the past, present, and future of cyber threats to better understand how to protect ...
1 year ago Securityzap.com

The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
10 months ago Bleepingcomputer.com LockBit Inc ransom Black Basta

Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit

What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
6 months ago Cyberdefensemagazine.com Akira

Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com

Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base

Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
1 year ago Bleepingcomputer.com

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape

Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com

Food and agriculture sector hit with more than 160 ransomware attacks last year - The U.S. food and agriculture sector dealt with at least 167 ransomware attacks last year, according to the leading industry group. In its first annual report, the Food and Agriculture-Information Sharing and Analysis Center said the industry was the ...
11 months ago Therecord.media 8base LockBit Akira Snatch

Trump administration planning major workforce cuts at CISA | The Record from Recorded Future News - The Department of Homeland Security, where CISA is housed, recently expanded its voluntary departure program to include early retirement and, in some cases, a buyout, dangling a lump sum payment of up to $25,000 to employees in roles slated for ...
2 days ago Therecord.media

The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
1 year ago Blog.checkpoint.com

CISA, FBI warn of BianLian mail scam targeting executives with $500k ransom note | The Record from Recorded Future News - A spokesperson for the company told Recorded Future News that Arctic Wolf is aware of at least 20 organizations or executives who have received these letters. The letters have a return address based in Boston, Massachusetts and the FBI said it is ...
1 month ago Therecord.media BianLian

Schools in Maine, Indiana and Georgia contend ransomware attacks - Colleges and K-12 schools in several states are dealing with ransomware incidents causing outages and leaking sensitive data - a continuation of a trend that has affected campuses nationwide throughout the year. Henry County Schools - a district an ...
1 year ago Therecord.media CVE-2023-46604 Blacksuit

CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News

Cyber News related to CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)