Security News > 2023 > May > FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks
The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks.
"In early May 2023, according to FBI information, the Bl00dy Ransomware Gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 were exposed to the internet," reads the security advisory.
The PaperCut flaw is tracked as CVE-2023-27350 and is a critical-severity remote code execution weakness impacting PaperCut MF and PaperCut NG, printing management software used by roughly 70,000 organizations in over 100 countries.
While the vulnerability was fixed in PaperCut NG and MF versions 20.1.7, 21.2.11, and 22.0.9, organizations have been slow to install the update, allowing exposure to attacks.
CISA says the Education Facilities subsector is responsible for about 68% of the internet-exposed PaperCut servers.
The Bl00dy ransomware attacks observed recently were successful against some targets in the sector, leveraging CVE-2023-27350 to bypass user authentication and access the server as administrators.
News URL
Related news
- JetBrains is still mad at Rapid7 for the ransomware attacks on its customers (source)
- Stanford: Data of 27,000 people stolen in September ransomware attack (source)
- Nissan confirms ransomware attack exposed data of 100,000 people (source)
- TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (source)
- What the Latest Ransomware Attacks Teach About Defending Networks (source)
- Lessons from a Ransomware Attack against the British Library (source)
- Jackson County in state of emergency after ransomware attack (source)
- Panera Bread week-long IT outage caused by ransomware attack (source)
- The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack (source)
- How can the energy sector bolster its resilience to ransomware attacks? (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-20 | CVE-2023-27350 | Improper Access Control vulnerability in Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |