The Bl00dy Ransomware Gang: CVE-2023-27350 Attacks Against Education Facilities

Since early May 2023, the Bl00dy Ransomware Gang has been targeting education facilities in the US that run PaperCut servers vulnerable to CVE-2023-27350. The gang gains access to victim networks, steals data, and encrypts files, leaving ransom notes that demand payment for decryption. CVE-2023-27350 is a critical security flaw that allows authentication bypass and remote code execution. It has been exploited since mid-April 2023 to deploy remote monitoring and management (RMM) software and additional payloads such as Cobalt Strike Beacons, DiceLoader, and TrueBot.


