Security News > 2024 > May > Windows Quick Assist abused in Black Basta ransomware attacks
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.
During this voice phishing attack, the attackers trick the victims into granting them access to their Windows devices by launching the Quick Assist built-in remote control and screen-sharing tool.
After installing their malicious tools and concluding the phone call, Storm-1811 performs domain enumeration, moves laterally through the victim's network, and deploys Black Basta ransomware using the Windows PsExec telnet-replacement tool.
Those targeted in these attacks should only allow others to connect to their device if they contacted their IT support personnel or Microsoft Support and immediately disconnect any Quick Assist sessions if they suspect malicious intent.
More recently, Black Basta was linked to a ransomware attack that hit U.S. healthcare giant Ascension, forcing it to divert ambulances to unaffected facilities.
CISA: Black Basta ransomware breached over 500 orgs worldwide.
News URL
Related news
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- BT unit took servers offline after Black Basta ransomware breach (source)
- Romanian energy supplier Electrica hit by ransomware attack (source)
- Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering (source)
- Ransomware attack hits leading heart surgery device maker (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)