Security News > 2024 > May > Windows Quick Assist abused in Black Basta ransomware attacks
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.
During this voice phishing attack, the attackers trick the victims into granting them access to their Windows devices by launching the Quick Assist built-in remote control and screen-sharing tool.
After installing their malicious tools and concluding the phone call, Storm-1811 performs domain enumeration, moves laterally through the victim's network, and deploys Black Basta ransomware using the Windows PsExec telnet-replacement tool.
Those targeted in these attacks should only allow others to connect to their device if they contacted their IT support personnel or Microsoft Support and immediately disconnect any Quick Assist sessions if they suspect malicious intent.
More recently, Black Basta was linked to a ransomware attack that hit U.S. healthcare giant Ascension, forcing it to divert ambulances to unaffected facilities.
CISA: Black Basta ransomware breached over 500 orgs worldwide.
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- Use Windows event logs for ransomware investigations, JPCERT/CC advises (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)