Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability


Bl00dy Ransomware Group, after targeting several universities and colleges in the US with PaperCut NG critical vulnerability in April-May 2023, has claimed its first victim in India on May 28, 2023, and demanded a ransom of USD 90,000. Cyble Research & Intelligence Labs (CRIL) elaborately covered the criticality of this vulnerability and exposed worldwide assets in a blog on April 25, 2023.

Details of the Incident

On May 28, 2023, the Bl00dy ransomware group claimed to compromise an India-based institute offering various undergraduate and graduate courses. The group posted multiple screenshots as proof of compromise, demonstrating administrative access to the organization via RDP.

One of the screenshots shared by the group demonstrates PaperCut MF/NG print management software installed on the machine.

Read more…