The Bl00dy Ransomware Gang

Threat Actor updated 7 months ago (2024-05-04T20:59:26.478Z)
The Bl00dy ransomware gang is a threat actor that began operations in May 2022. It gains initial access by exploiting vulnerabilities in internet-exposed software and uses double extortion (encrypting systems and threatening to leak stolen data) against targeted organizations. Rather than developing its own locker, the group deploys payloads built with the leaked Conti and LockBit Black (LockBit 3.0) builders; its use of the leaked LockBit builder in particular drew the attention of U.S. government agencies. More recently, Bl00dy has been observed, alongside Black Basta, exploiting the ConnectWise ScreenConnect vulnerabilities (an authentication bypass and a path traversal that together allow remote code execution).

In 2023 the gang escalated its activity by exploiting a remote code execution vulnerability in the PaperCut MF and NG print management servers (CVE-2023-27350). The flaw was reported to PaperCut in January 2023 and patched in March 2023; in-the-wild exploitation was observed from April, and according to the FBI the Bl00dy Ransomware Gang gained access to victim networks in early May 2023 where vulnerable PaperCut servers were exposed to the internet. The Education Facilities subsector was hit hardest: it accounts for approximately 68% of internet-exposed U.S. PaperCut servers, although not all of those are vulnerable.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint advisory warning of the group's exploitation of the then recently patched PaperCut vulnerability against organizations in the education sector. Bl00dy remains a significant threat, particularly to education, which has been the primary target of its attacks.
Description last updated: 2024-05-04T19:26:57.023Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the names below are candidate overlaps, not confirmed matches.

Alias: Bl00dy (2 votes)
Description: Bl00dy is a possible alias for The Bl00dy Ransomware Gang. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Source Document References
Information about The Bl00dy Ransomware Gang threat actor was read from the documents below (display limited to 20 results).

Source (created)
CERT-EU (8 months ago)
CERT-EU (8 months ago)
CERT-EU (9 months ago)
CERT-EU (9 months ago)
CERT-EU (a year ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
Securityaffairs (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)
CERT-EU (2 years ago)