Your Printer Software Might Be Spreading Ransomware

Hackers linked to a recent Clop ransomware operation have been exploiting two recently disclosed vulnerabilities in the print management software PaperCut to steal corporate data from victims, according to a tweet posted by Microsoft Threat Intelligence last month. Clop is a serious threat to businesses because it can gain entry to a computer’s operating system and remain undetected by antivirus programs and users. From there, the ransomware encrypts files, appending the ‘.CLOP’ extension (filename.pdf.CLOP), and prevents users from accessing their personal data.

The recent attacks have affected high-profile organizations dating back to February and have encrypted crucial files such as data backups, financial records, and thousands of important emails. If the ransom for these files is not paid, they are leaked onto the dark web and remain inaccessible to the owner. PaperCut is widely used by local governments, large enterprises, healthcare organizations and education institutions and has over 100 million users. If you are a PaperCut user, there are immediate steps you need to take to mitigate your organization’s risk and hopefully shore up your defenses before it is too late.

What should you do if your business uses PaperCut?

The company reported that, right now, there is no way to confirm with 100% certainty whether your system has been compromised by the latest threat. However, there are some steps admins can take:

  • In the PaperCut admin interface, navigate to Logs > Application Log and look for any suspicious activity.
  • Users of impacted versions should upgrade to, at minimum, PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9, which no longer have the vulnerabilities that bad actors have taken advantage of.

See full details here: URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) | PaperCut
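For admins with more than one print server, the version step above can be run against an inventory. The following is an added example, not code from PaperCut or from this article: it compares installed version strings numerically (so 22.0.10 is not mistaken for older than 22.0.9) against the three fixed releases listed above. The host names, the sample versions and the status labels are constructed for illustration, and branches the article does not list are flagged for review against the vendor bulletin rather than guessed.

```python
import re

# Minimum fixed release per major branch, as listed in the article above.
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}


def parse_version(text):
    """Return (major, minor, patch) from a version string, or None.

    Missing components count as 0; anything after the third component
    (for example a build number) is ignored.
    """
    match = re.match(r"\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text or "")
    if not match:
        return None
    return tuple(int(part) if part else 0 for part in match.groups())


def triage(version_text):
    """Classify one installed version against the article's fixed releases."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The article names no fixed release for this branch.
        return "branch-not-listed"
    # Tuple comparison is numeric, component by component.
    return "at-or-above-fixed" if version >= fixed else "upgrade-needed"


def triage_inventory(inventory):
    """Map each host to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "print01": "22.0.8",
    "print02": "22.0.10",
    "print03": "21.2.11.65657",  # trailing build component is ignored
    "print04": "20.1",
    "print05": "19.2.7",
    "print06": "unknown",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

A result of "at-or-above-fixed" only says the server is patched now; it says nothing about whether it was compromised earlier, which is what the Application Log review is for.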

Get Peace of Mind With Entara’s Incident Response Retainer Service

Over the past three years, Entara has executed over 100,000 professional service hours across 200 incident response projects. With a specialization in infrastructure recovery, Entara is the go-to resource for organizations that need experts in the field who can efficiently fast-track containment of a breach. We handle the recovery efforts so you can focus on what you do best – running your business.

Entara also provides proactive services that can reduce your risk in the face of a constantly changing threat landscape. Connect with us if you’re ready to strengthen your cybersecurity stance and prepare for the unpredictable with a comprehensive Managed Vulnerability Service (MVS) or other proactive services, like managed detection and response (MDR) or Network Segmentation. Learn more about Entara’s IR Retainer service here.
