Bl00dy Ransomware Gang

Also known as: Bl00dy Ransomware Gang

Bl00dy self-identifies as a ransomware group. It gained attention in May 2023 for a series of data exfiltration and encryption attacks against education entities in the United States that featured exploitation of vulnerabilities in PaperCut print management software, which is prevalent in the sector.[U.S. CISA PaperCut May 2023]

Related Vulnerabilities: CVE-2023-27350[U.S. CISA PaperCut May 2023]


Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • UNITEDRAKE:
  • Xploit:

Attribution and Evidence

Information pending cataloguing.

References

[1] [U.S. CISA PaperCut May 2023]