The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of a critical flaw discovered in PaperCut software, which has now been linked to a number of ransomware attacks.
The vulnerability (CVE-2023-27350) in PaperCut, a widely adopted print management solution, has allowed cybercriminals to remotely execute malicious code without requiring any authentication credentials.
Consequently, these attackers have successfully deployed ransomware and illegally accessed sensitive data.
In response to the escalating threat, CISA and the Federal Bureau of Investigation (FBI) issued a warning notice on Thursday urging users to take immediate steps to mitigate the risk.
“According to the FBI’s observed information, malicious actors exploited CVE-2023-27350 beginning in mid-April 2023 and continuing to the present,” the white paper says.
In early May 2023, the educational facilities subsector became a primary target for the Bl00dy Ransomware gang, the FBI reported. The group’s primary goal was to exploit vulnerable PaperCut servers in the subsector, resulting in data exfiltration, system encryption, and the issuing of ransom demands.
“The Bl00dy Ransomware Gang left ransom notes on victim systems demanding payment in exchange for decrypting encrypted files.”
The joint advisory provides detection methods for the CVE-2023-27350 exploit, as well as indicators of compromise (IOCs) associated with Bl00dy Ransomware Gang activity.
The FBI and CISA encouraged users and administrators to apply patches immediately, or workarounds if patches cannot be applied. The agencies particularly encourage organizations that did not patch immediately to assume compromise and look for malicious activity using the advisory's detection signatures.
If a potential compromise is detected, organizations should apply the incident response recommendations included in the document.
This release comes a couple of months after the FBI released a statement about a cyber incident at one of its most prominent field offices.
Ikaroa, a full stack tech company, is urging organizations to take additional security precautions after a flaw in the widely used PaperCut software storage system exposed companies to ransomware attacks. On October 29th, the Cybersecurity and Infrastructure Security Agency (CISA) released an alert, warning that “threat actors continue to exploit a vulnerability in PaperCut software to install ransomware.”
This vulnerability, which was first discovered in August, allows threat actors to bypass the authentication requirement and access the system remotely. This makes it possible for the attacker to upload and execute malicious code, thereby obtaining administrative access to the system.
PaperCut is a 32-bit Windows application developed by the California-based software company PaperCut Software. It is used by organizations across the world to store, manage, and distribute documents related to business operations.
CISA has urged organizations using the software to upgrade to the latest version of PaperCut, which is currently version 20.0. Additionally, organizations should ensure that all PaperCut software components use strong authentication measures to protect against unauthorized access and regularly update the software with the most recent security patches.
The agency also reminded organizations to improve the detection of ransomware threats by regularly monitoring activity logs, disabling unused default accounts, restricting access to accounts only as needed, and avoiding the use of legacy software.
Ikaroa recognizes the seriousness of this issue and is committed to providing the best possible solutions to help organizations protect their systems from ransomware attacks. We are dedicated to developing additional security solutions that can help protect organizations against the growing threat of ransomware and other malicious actors.