Unpatched PaperCut servers are being exploited in the wild, and experts are warning of a possible ransomware attack

It has been revealed that unpatched servers running PaperCut are being exploited in the wild, sparking concerns of a potential ransomware attack. PaperCut is a print management software provider, and the company has recently issued a warning stating that it has “evidence to suggest that unpatched servers are being exploited in the wild.” Cybersecurity provider Trend Micro has also issued reports on two vulnerabilities within PaperCut that are actively being exploited. Experts are urging all users of PaperCut to upgrade to the latest versions of its software to ensure their systems are secure.

PowerShell commands spawned from PaperCut software to install RMM software

The risk is reportedly serious, with emerging reports indicating that PowerShell commands are being spawned from PaperCut software to install remote management and maintenance (RMM) software such as Atera and Syncro. This is allowing attackers to gain persistent access and execute code on infected hosts, which can potentially lead to devastating consequences. Cybersecurity provider Huntress has found almost 1,800 publicly exposed PaperCut servers, all of which could be at risk of attack.

TrueBot attributed to Russian criminal entity ‘Silence’

The issue further underscores the need for organizations to maintain their security posture, as criminal organizations with technical expertise to carry out such attacks are actively seeking vulnerable targets. One such group is Silence, a Russian criminal entity attributed to TrueBot malware. Silence has links to another Russian criminal entity known as Evil Corp, and its overlapping cluster TA505 has been previously linked to the Cl0p ransomware.

Upgrading to the fixed versions of PaperCut is recommended to mitigate risks

Experts are recommending that all users of PaperCut upgrade to the latest versions of its software as soon as possible. PaperCut has issued patches to address the vulnerabilities, with fixed versions being released as PaperCut MF and NG (20.1.7, 21.2.11, and 22.0.9). This will help mitigate the risks of a possible ransomware attack and ensure that systems are secure.

Lock down network access to servers for those unable to upgrade

However, some users may not be able to upgrade to the latest version of PaperCut software, leaving them vulnerable to attack. For those unable to upgrade, experts recommend locking down network access to the servers by blocking all inbound traffic from external IPs and limiting IP addresses to only those belonging to verified site servers. This will help reduce the risk of a successful attack, even in the absence of updates.

Regarding links to a ransomware entity

The links between PaperCut’s software and Silence, which is a known ransomware entity, are concerning. While the ultimate goal of the current activity leveraging PaperCut’s software is unknown, the links to a known ransomware entity raise red flags for cybersecurity experts.

Access gained through PaperCut exploitation could lead to follow-on movement and ransomware deployment

The risk of ransomware being deployed cannot be overstated. The access gained through PaperCut’s exploitation could be used as a foothold leading to follow-on movement within victims’ networks, and ultimately a ransomware deployment. The risks of such an attack would be significant, potentially causing extensive data breaches and financial loss to organizations worldwide.

Domain hosting tools also host malware like TrueBot

Further analysis has revealed that the domain hosting the tools for the attack is windowservicecemter.com, which was registered on April 12, 2023. This domain has also been linked to other malware like TrueBot, emphasizing the importance of maintaining security and vigilance across all aspects of cybersecurity.

An analysis conducted by PaperCut suggests that the earliest evidence of activity linked to the vulnerability was on April 14

PaperCut has conducted its analysis on all customer reports of a possible attack, with the earliest signature of suspicious activity on a customer server, potentially linked to this vulnerability, being noted on April 14. This highlights the importance of organizations remaining vigilant and securing against possible attacks, and the need for timely upgrades and patches for all systems and software.

The threat posed to organizations by unpatched servers running PaperCut has been mounting over the last few weeks. Experts are urging all users to take steps to secure their systems, including upgrading to the latest version of the software, which has been patched to address the vulnerabilities. Those who cannot upgrade are urged to take steps to lock down network access to their servers. With the risks of a potential ransomware attack looming, security experts warn that organizations must remain alert, vigilant, and secure against cybercriminals seeking to exploit vulnerabilities in their systems.

Explore more

D365 Supply Chain Tackles Key Operational Challenges

Imagine a mid-sized manufacturer struggling to keep up with fluctuating demand, facing constant stockouts, and losing customer trust due to delayed deliveries, a scenario all too common in today’s volatile supply chain environment. Rising costs, fragmented data, and unexpected disruptions threaten operational stability, making it essential for businesses, especially small and medium-sized enterprises (SMBs) and manufacturers, to find ways to

Cloud ERP vs. On-Premise ERP: A Comparative Analysis

Imagine a business at a critical juncture, where every decision about technology could make or break its ability to compete in a fast-paced market, and for many organizations, selecting the right Enterprise Resource Planning (ERP) system becomes that pivotal choice—a decision that impacts efficiency, scalability, and profitability. This comparison delves into two primary deployment models for ERP systems: Cloud ERP

Selecting the Best Shipping Solution for D365SCM Users

Imagine a bustling warehouse where every minute counts, and a single shipping delay ripples through the entire supply chain, frustrating customers and costing thousands in lost revenue. For businesses using Microsoft Dynamics 365 Supply Chain Management (D365SCM), this scenario is all too real when the wrong shipping solution disrupts operations. Choosing the right tool to integrate with this powerful platform

How Is AI Reshaping the Future of Content Marketing?

Dive into the future of content marketing with Aisha Amaira, a MarTech expert whose passion for blending technology with marketing has made her a go-to voice in the industry. With deep expertise in CRM marketing technology and customer data platforms, Aisha has a unique perspective on how businesses can harness innovation to uncover critical customer insights. In this interview, we

Why Are Older Job Seekers Facing Record Ageism Complaints?

In an era where workforce diversity is often championed as a cornerstone of innovation, a troubling trend has emerged that threatens to undermine these ideals, particularly for those over 50 seeking employment. Recent data reveals a staggering surge in complaints about ageism, painting a stark picture of systemic bias in hiring practices across the U.S. This issue not only affects