Unpatched PaperCut servers are being exploited in the wild, and experts are warning of a possible ransomware attack

It has been revealed that unpatched servers running PaperCut are being exploited in the wild, sparking concerns of a potential ransomware attack. PaperCut is a print management software provider, and the company has recently issued a warning stating that it has “evidence to suggest that unpatched servers are being exploited in the wild.” Cybersecurity provider Trend Micro has also issued reports on two vulnerabilities within PaperCut that are actively being exploited. Experts are urging all users of PaperCut to upgrade to the latest versions of its software to ensure their systems are secure.

PowerShell commands spawned from PaperCut software to install RMM software

The risk is reportedly serious, with emerging reports indicating that PowerShell commands are being spawned from PaperCut software to install remote management and maintenance (RMM) software such as Atera and Syncro. This is allowing attackers to gain persistent access and execute code on infected hosts, which can potentially lead to devastating consequences. Cybersecurity provider Huntress has found almost 1,800 publicly exposed PaperCut servers, all of which could be at risk of attack.

TrueBot attributed to Russian criminal entity ‘Silence’

The issue further underscores the need for organizations to maintain their security posture, as criminal organizations with technical expertise to carry out such attacks are actively seeking vulnerable targets. One such group is Silence, a Russian criminal entity attributed to TrueBot malware. Silence has links to another Russian criminal entity known as Evil Corp, and its overlapping cluster TA505 has been previously linked to the Cl0p ransomware.

Upgrading to the fixed versions of PaperCut is recommended to mitigate risks

Experts are recommending that all users of PaperCut upgrade to the latest versions of its software as soon as possible. PaperCut has issued patches to address the vulnerabilities, with fixed versions being released as PaperCut MF and NG (20.1.7, 21.2.11, and 22.0.9). This will help mitigate the risks of a possible ransomware attack and ensure that systems are secure.

Lock down network access to servers for those unable to upgrade

However, some users may not be able to upgrade to the latest version of PaperCut software, leaving them vulnerable to attack. For those unable to upgrade, experts recommend locking down network access to the servers by blocking all inbound traffic from external IPs and limiting IP addresses to only those belonging to verified site servers. This will help reduce the risk of a successful attack, even in the absence of updates.

Regarding links to a ransomware entity

The links between PaperCut’s software and Silence, which is a known ransomware entity, are concerning. While the ultimate goal of the current activity leveraging PaperCut’s software is unknown, the links to a known ransomware entity raise red flags for cybersecurity experts.

Access gained through PaperCut exploitation could lead to follow-on movement and ransomware deployment

The risk of ransomware being deployed cannot be overstated. The access gained through PaperCut’s exploitation could be used as a foothold leading to follow-on movement within victims’ networks, and ultimately a ransomware deployment. The risks of such an attack would be significant, potentially causing extensive data breaches and financial loss to organizations worldwide.

Domain hosting tools also host malware like TrueBot

Further analysis has revealed that the domain hosting the tools for the attack is windowservicecemter.com, which was registered on April 12, 2023. This domain has also been linked to other malware like TrueBot, emphasizing the importance of maintaining security and vigilance across all aspects of cybersecurity.

An analysis conducted by PaperCut suggests that the earliest evidence of activity linked to the vulnerability was on April 14

PaperCut has conducted its analysis on all customer reports of a possible attack, with the earliest signature of suspicious activity on a customer server, potentially linked to this vulnerability, being noted on April 14. This highlights the importance of organizations remaining vigilant and securing against possible attacks, and the need for timely upgrades and patches for all systems and software.

The threat posed to organizations by unpatched servers running PaperCut has been mounting over the last few weeks. Experts are urging all users to take steps to secure their systems, including upgrading to the latest version of the software, which has been patched to address the vulnerabilities. Those who cannot upgrade are urged to take steps to lock down network access to their servers. With the risks of a potential ransomware attack looming, security experts warn that organizations must remain alert, vigilant, and secure against cybercriminals seeking to exploit vulnerabilities in their systems.

Explore more

Can a Unified ERP System Future-Proof Levi Strauss?

Establishing a seamless digital environment for a brand that spans over a hundred nations is a monumental undertaking that requires more than just standard software updates. Currently, Levi Strauss & Co. is navigating a profound transformation of its digital infrastructure, aiming for a mid-2027 completion of a fully integrated global enterprise resource planning system. This strategic overhaul is not merely

Ethereum Faces $10 Billion Liquidation Risk Near $2,000

The current trajectory of Ethereum suggests a massive collision between aggressive retail speculation and sophisticated institutional sell-side pressure as the asset hovers near the $2,000 psychological threshold. This specific price point has historically served as a pivot for broader market sentiment, influencing the behavior of various decentralized finance protocols and secondary layer-two scaling solutions. Currently, the market exhibits a state

ClickLock Malware Coerces macOS Users to Surrender Passwords

Traditional macOS security architectures have long been celebrated for their robust sandboxing and gated execution, yet a new strain of malware is proving that the human element remains the most vulnerable entry point in any digital ecosystem. This threat, known as ClickLock, has emerged as a particularly aggressive evolution in the macOS threat landscape by prioritizing psychological pressure and social

Stalled Windows 11 Migration Poses Growing Security Risks

The global landscape of enterprise computing is currently grappling with a persistent digital divide as a significant segment of users continues to rely on Windows 10 despite the availability of more secure alternatives. The current ecosystem of digital infrastructure remains tethered to legacy architecture, with recent telemetry indicating that approximately one in six workstations worldwide continues to operate on Windows

How Is OpenAI Redefining AI With Precision Engineering?

The shift from experimental conversationalists to precise engineering tools has fundamentally altered the landscape of digital productivity and high-performance computing in 2026. This transition is marked by a move away from the early excitement surrounding generative models toward a rigorous framework centered on deep optimization and granular control. OpenAI has spearheaded this movement with the introduction of the GPT-5.6 Sol