Kroll reveals new Cactus ransomware that encrypts itself to evade antivirus
May 7, 2023
Data of 5.8 million PharMerica patients stolen by ransomware gang
May 15, 2023

FBI releases joint advisory warning of Bl00dy ransomware targets education organisation in PaperCut attacks

On Thursday 11th of May 2023, the United States Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint TLP:CLEAR cybersecurity advisory warning organisation that the Bl00dy Ransomware gang is now actively exploiting a PaperCut remote-code execution vulnerability (CVE-2023-27350) to gain initial access to networks.

The advisory revealed that the Bl00dy Ransomware Gang attempted to exploit vulnerable PaperCut servers against the Education Facilities Subsector in early May 2023. The advisory highlights that the Education Facilities Subsector entities are maintaining approximately 68% of exposed, but not necessarily vulnerable, U.S.-based PaperCut servers.

In the advisory, FBI and CISA recommend organisations upgrade any PaperCut servers to the latest version or if they are not able to immediately patch, they should ensure that vulnerable PaperCut servers are not accessible over the internet and should either block all inbound traffic from external IP addresses or all traffic inbound to the web management portal.

Leave a Reply

Your email address will not be published. Required fields are marked *