Bl00dy Ransomware Compromises Indian University
The Bl00dy ransomware gang has been found actively targeting educational institutions by exploiting the PaperCut NG vulnerability CVE-2023-27350. Two US agencies, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), released advisories on May 12th, 2023, notifying the public of the gang's abuse of CVE-2023-27350. Cyble Research and Intelligence Labs (CRIL), which tracks the group, identified the Bl00dy ransomware gang as "having targeted at least six colleges/schools from the start of May. Not stopping there, the ransomware group also leaked negotiation chat screenshots with their victim entities and data samples to pressurize them to pay the ransom." The group publicly announced its attacks on universities and colleges on its social media channels on April 29th, 2023. The names of the compromised institutions were slowly released on May 1st, 2023. The group's latest attack compromised an India-based university. As evidence of the compromise, the gang shared multiple screenshots showing its administrative access to the organization through Remote Desktop Protocol (RDP).