The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning to US educational institutions about a ransomware group that has been exploiting vulnerabilities in the popular printing software PaperCut to infiltrate their networks. The group, known as PYSA/Mespinoza, has been active since at least 2017 and has targeted a wide range of industries with its ransomware attacks.

According to the alert, PYSA/Mespinoza has been using brute-force attacks to gain access to administrative accounts in PaperCut installations, which it then uses to deploy its ransomware. The group has also been observed using stolen credentials and exploiting unpatched vulnerabilities in PaperCut to achieve its objectives. The agencies recommend that educational institutions update their PaperCut installations to the latest version and enforce strong password policies to mitigate the risk of a successful attack.

Read more: https://www.securityweek.com/cisa-fbi-ransomware-gang-exploited-papercut-flaw-against-education-facilities/