Unpatched PaperCut servers are being exploited in the wild, and experts are warning of a possible ransomware attack

It has been revealed that unpatched servers running PaperCut are being exploited in the wild, sparking concerns of a potential ransomware attack. PaperCut is a print management software provider, and the company has recently issued a warning stating that it has “evidence to suggest that unpatched servers are being exploited in the wild.” Cybersecurity provider Trend Micro has also issued reports on two vulnerabilities within PaperCut that are actively being exploited. Experts are urging all users of PaperCut to upgrade to the latest versions of its software to ensure their systems are secure.

PowerShell commands spawned from PaperCut software to install RMM software

The risk is reportedly serious, with emerging reports indicating that PowerShell commands are being spawned from PaperCut software to install remote management and maintenance (RMM) software such as Atera and Syncro. This is allowing attackers to gain persistent access and execute code on infected hosts, which can potentially lead to devastating consequences. Cybersecurity provider Huntress has found almost 1,800 publicly exposed PaperCut servers, all of which could be at risk of attack.

TrueBot attributed to Russian criminal entity ‘Silence’

The issue further underscores the need for organizations to maintain their security posture, as criminal organizations with technical expertise to carry out such attacks are actively seeking vulnerable targets. One such group is Silence, a Russian criminal entity attributed to TrueBot malware. Silence has links to another Russian criminal entity known as Evil Corp, and its overlapping cluster TA505 has been previously linked to the Cl0p ransomware.

Upgrading to the fixed versions of PaperCut is recommended to mitigate risks

Experts are recommending that all users of PaperCut upgrade to the latest versions of its software as soon as possible. PaperCut has issued patches to address the vulnerabilities, with fixed versions being released as PaperCut MF and NG (20.1.7, 21.2.11, and 22.0.9). This will help mitigate the risks of a possible ransomware attack and ensure that systems are secure.

Lock down network access to servers for those unable to upgrade

However, some users may not be able to upgrade to the latest version of PaperCut software, leaving them vulnerable to attack. For those unable to upgrade, experts recommend locking down network access to the servers by blocking all inbound traffic from external IPs and limiting IP addresses to only those belonging to verified site servers. This will help reduce the risk of a successful attack, even in the absence of updates.

Regarding links to a ransomware entity

The links between PaperCut’s software and Silence, which is a known ransomware entity, are concerning. While the ultimate goal of the current activity leveraging PaperCut’s software is unknown, the links to a known ransomware entity raise red flags for cybersecurity experts.

Access gained through PaperCut exploitation could lead to follow-on movement and ransomware deployment

The risk of ransomware being deployed cannot be overstated. The access gained through PaperCut’s exploitation could be used as a foothold leading to follow-on movement within victims’ networks, and ultimately a ransomware deployment. The risks of such an attack would be significant, potentially causing extensive data breaches and financial loss to organizations worldwide.

Domain hosting tools also host malware like TrueBot

Further analysis has revealed that the domain hosting the tools for the attack is windowservicecemter.com, which was registered on April 12, 2023. This domain has also been linked to other malware like TrueBot, emphasizing the importance of maintaining security and vigilance across all aspects of cybersecurity.

An analysis conducted by PaperCut suggests that the earliest evidence of activity linked to the vulnerability was on April 14

PaperCut has conducted its analysis on all customer reports of a possible attack, with the earliest signature of suspicious activity on a customer server, potentially linked to this vulnerability, being noted on April 14. This highlights the importance of organizations remaining vigilant and securing against possible attacks, and the need for timely upgrades and patches for all systems and software.

The threat posed to organizations by unpatched servers running PaperCut has been mounting over the last few weeks. Experts are urging all users to take steps to secure their systems, including upgrading to the latest version of the software, which has been patched to address the vulnerabilities. Those who cannot upgrade are urged to take steps to lock down network access to their servers. With the risks of a potential ransomware attack looming, security experts warn that organizations must remain alert, vigilant, and secure against cybercriminals seeking to exploit vulnerabilities in their systems.

Explore more

How Is AI Revolutionizing Payroll in HR Management?

Imagine a scenario where payroll errors cost a multinational corporation millions annually due to manual miscalculations and delayed corrections, shaking employee trust and straining HR resources. This is not a far-fetched situation but a reality many organizations faced before the advent of cutting-edge technology. Payroll, once considered a mundane back-office task, has emerged as a critical pillar of employee satisfaction

AI-Driven B2B Marketing – Review

Setting the Stage for AI in B2B Marketing Imagine a marketing landscape where 80% of repetitive tasks are handled not by teams of professionals, but by intelligent systems that draft content, analyze data, and target buyers with precision, transforming the reality of B2B marketing in 2025. Artificial intelligence (AI) has emerged as a powerful force in this space, offering solutions

5 Ways Behavioral Science Boosts B2B Marketing Success

In today’s cutthroat B2B marketing arena, a staggering statistic reveals a harsh truth: over 70% of marketing emails go unopened, buried under an avalanche of digital clutter. Picture a meticulously crafted campaign—polished visuals, compelling data, and airtight logic—vanishing into the void of ignored inboxes and skipped LinkedIn posts. What if the key to breaking through isn’t just sharper tactics, but

Trend Analysis: Private Cloud Resurgence in APAC

In an era where public cloud solutions have long been heralded as the ultimate destination for enterprise IT, a surprising shift is unfolding across the Asia-Pacific (APAC) region, with private cloud infrastructure staging a remarkable comeback. This resurgence challenges the notion that public cloud is the only path forward, as businesses grapple with stringent data sovereignty laws, complex compliance requirements,

iPhone 17 Series Faces Price Hikes Due to US Tariffs

What happens when the sleek, cutting-edge device in your pocket becomes a casualty of global trade wars? As Apple unveils the iPhone 17 series this year, consumers are bracing for a jolt—not just from groundbreaking technology, but from price tags that sting more than ever. Reports suggest that tariffs imposed by the US on Chinese goods are driving costs upward,