Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
ID: 852916ab-454c-543f-ae48-3a7e3eb72532
STIX ID: report--852916ab-454c-543f-ae48-3a7e3eb72532
Feed Name: CISA Cybersecurity Advisories
CISA warns that ransomware actors have been exploiting a path traversal vulnerability (CVE-2024-57727) in SimpleHelp RMM (versions 5.5.7 and earlier) since January 2025 to compromise MSPs and downstream customers. The advisory urges immediate isolation or upgrade of affected SimpleHelp instances, outlines detection and threat-hunting steps, recommends mitigations and reporting to law enforcement, and provides guidance for recovery from ransomware encryption.
