Unpatched PaperCut servers are being exploited in the wild, and experts are warning of a possible ransomware attack

It has been revealed that unpatched servers running PaperCut are being exploited in the wild, sparking concerns of a potential ransomware attack. PaperCut is a print management software provider, and the company has recently issued a warning stating that it has “evidence to suggest that unpatched servers are being exploited in the wild.” Cybersecurity provider Trend Micro has also issued reports on two vulnerabilities within PaperCut that are actively being exploited. Experts are urging all users of PaperCut to upgrade to the latest versions of its software to ensure their systems are secure.

PowerShell commands spawned from PaperCut software to install RMM software

The risk is reportedly serious, with emerging reports indicating that PowerShell commands are being spawned from PaperCut software to install remote management and maintenance (RMM) software such as Atera and Syncro. This is allowing attackers to gain persistent access and execute code on infected hosts, which can potentially lead to devastating consequences. Cybersecurity provider Huntress has found almost 1,800 publicly exposed PaperCut servers, all of which could be at risk of attack.

TrueBot attributed to Russian criminal entity ‘Silence’

The issue further underscores the need for organizations to maintain their security posture, as criminal organizations with technical expertise to carry out such attacks are actively seeking vulnerable targets. One such group is Silence, a Russian criminal entity attributed to TrueBot malware. Silence has links to another Russian criminal entity known as Evil Corp, and its overlapping cluster TA505 has been previously linked to the Cl0p ransomware.

Upgrading to the fixed versions of PaperCut is recommended to mitigate risks

Experts are recommending that all users of PaperCut upgrade to the latest versions of its software as soon as possible. PaperCut has issued patches to address the vulnerabilities, with fixed versions being released as PaperCut MF and NG (20.1.7, 21.2.11, and 22.0.9). This will help mitigate the risks of a possible ransomware attack and ensure that systems are secure.

Lock down network access to servers for those unable to upgrade

However, some users may not be able to upgrade to the latest version of PaperCut software, leaving them vulnerable to attack. For those unable to upgrade, experts recommend locking down network access to the servers by blocking all inbound traffic from external IPs and limiting IP addresses to only those belonging to verified site servers. This will help reduce the risk of a successful attack, even in the absence of updates.

Regarding links to a ransomware entity

The links between PaperCut’s software and Silence, which is a known ransomware entity, are concerning. While the ultimate goal of the current activity leveraging PaperCut’s software is unknown, the links to a known ransomware entity raise red flags for cybersecurity experts.

Access gained through PaperCut exploitation could lead to follow-on movement and ransomware deployment

The risk of ransomware being deployed cannot be overstated. The access gained through PaperCut’s exploitation could be used as a foothold leading to follow-on movement within victims’ networks, and ultimately a ransomware deployment. The risks of such an attack would be significant, potentially causing extensive data breaches and financial loss to organizations worldwide.

Domain hosting tools also host malware like TrueBot

Further analysis has revealed that the domain hosting the tools for the attack is windowservicecemter.com, which was registered on April 12, 2023. This domain has also been linked to other malware like TrueBot, emphasizing the importance of maintaining security and vigilance across all aspects of cybersecurity.

An analysis conducted by PaperCut suggests that the earliest evidence of activity linked to the vulnerability was on April 14

PaperCut has conducted its analysis on all customer reports of a possible attack, with the earliest signature of suspicious activity on a customer server, potentially linked to this vulnerability, being noted on April 14. This highlights the importance of organizations remaining vigilant and securing against possible attacks, and the need for timely upgrades and patches for all systems and software.

The threat posed to organizations by unpatched servers running PaperCut has been mounting over the last few weeks. Experts are urging all users to take steps to secure their systems, including upgrading to the latest version of the software, which has been patched to address the vulnerabilities. Those who cannot upgrade are urged to take steps to lock down network access to their servers. With the risks of a potential ransomware attack looming, security experts warn that organizations must remain alert, vigilant, and secure against cybercriminals seeking to exploit vulnerabilities in their systems.

Explore more

How Can MRP and MPS Optimize Your Supply Chain in D365?

Introduction Imagine a manufacturing operation where every order is fulfilled on time, inventory levels are perfectly balanced, and production schedules run like clockwork, all without excessive costs or last-minute scrambles. This scenario might seem like a distant dream for many businesses grappling with supply chain complexities. Yet, with the right tools in Microsoft Dynamics 365 Business Central, such efficiency is

Streamlining ERP Reporting in Dynamics 365 BC with FYIsoft

In the fast-paced realm of enterprise resource planning (ERP), financial reporting within Microsoft Dynamics 365 Business Central (BC) has reached a pivotal moment where innovation is no longer optional but essential. Finance professionals are grappling with intricate data sets spanning multiple business functions, often bogged down by outdated tools and cumbersome processes that fail to keep up with modern demands.

Top Digital Marketing Trends Shaping the Future of Brands

In an era where digital interactions dominate consumer behavior, brands face an unprecedented challenge: capturing attention in a crowded online space where billions of interactions occur daily. Imagine a scenario where a single misstep in strategy could mean losing relevance overnight, as competitors leverage cutting-edge tools to engage audiences in ways previously unimaginable. This reality underscores a critical need for

Microshifting Redefines the Traditional 9-to-5 Workday

Imagine a workday where logging in at 6 a.m. to tackle critical tasks, stepping away for a midday errand, and finishing a project after dinner feels not just possible, but encouraged. This isn’t a far-fetched dream; it’s the reality for a growing number of employees embracing a trend known as microshifting. With 65% of office workers craving more schedule flexibility

Boost Employee Engagement with Attention-Grabbing Tactics

Introduction to Employee Engagement Challenges and Solutions Imagine a workplace where half the team is disengaged, merely going through the motions, while productivity stagnates and innovative ideas remain unspoken. This scenario is all too common, with studies showing that a significant percentage of employees worldwide lack a genuine connection to their roles, directly impacting retention, creativity, and overall performance. Employee