Bl00dy Ransomware Group Exploits PaperCut Vulnerability in Education Sector Attacks
The FBI and CISA have issued a joint advisory warning that the Bl00dy Ransomware gang is exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks, with a focus on the education sector. The vulnerability has been under active exploitation since at least April 18, 2023, and organizations have been slow to install the update, allowing exposure to attacks. The Bl00dy ransomware operation launched in May 2022 and uses an encryptor based on the leaked LockBit source code. The recommended action is to apply the available security updates on PaperCut MF and NG servers.