Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE


The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350.

The Bl00dy ransomware has been active since May 2022, it has been the first group that started using the leaked LockBit ransomware builder in attacks in the wild.

According to the FBI, threat actors started exploiting the CVE-2023-27350 flaw in mid-April 2023 and the attacks are still ongoing. The attacks against the Education Facilities Subsector started in early May.