Security News > 2024 > May > Windows Quick Assist abused in Black Basta ransomware attacks
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.
During this voice phishing attack, the attackers trick the victims into granting them access to their Windows devices by launching the Quick Assist built-in remote control and screen-sharing tool.
After installing their malicious tools and concluding the phone call, Storm-1811 performs domain enumeration, moves laterally through the victim's network, and deploys Black Basta ransomware using the Windows PsExec telnet-replacement tool.
Those targeted in these attacks should only allow others to connect to their device if they contacted their IT support personnel or Microsoft Support and immediately disconnect any Quick Assist sessions if they suspect malicious intent.
More recently, Black Basta was linked to a ransomware attack that hit U.S. healthcare giant Ascension, forcing it to divert ambulances to unaffected facilities.
CISA: Black Basta ransomware breached over 500 orgs worldwide.
News URL
Related news
- Black Basta ransomware gang linked to Windows zero-day attacks (source)
- Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw (source)
- CISA warns of Windows bug exploited in ransomware attacks (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
- City of Wichita shuts down IT network after ransomware attack (source)
- Ransomware attacks impact 20% of sensitive data in healthcare orgs (source)
- Ohio Lottery ransomware attack impacts over 538,000 individuals (source)
- Ascension redirects ambulances after suspected ransomware attack (source)
- CISA: Black Basta ransomware breached over 500 orgs worldwide (source)
- Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia (source)