Beware of Quick Assist: Microsoft Warns of Ongoing Black Basta Ransomware Scam by Cybercrime Gang

In a sneaky twist of fate, Microsoft’s Quick Assist is the latest tool in cybercriminals’ arsenal, enabling Storm-1811 to deploy Black Basta ransomware via social engineering. Since April, this crafty gang has tricked users into handing over control of their PCs, masquerading as helpful IT buddies. Talk about a deceptive tech support upgrade!

Hot Take:

Microsoft’s Quick Assist might need a quick fix! Cybercriminals have turned this handy dandy remote support tool into a gateway for ransomware shenanigans, showcasing a classic case of a good tool gone bad. Our dear tech gurus now face the Herculean task of patching up trust as well as security holes, lest their tool becomes known as Quick Disaster!

  • Cyber gang Storm-1811 turns Microsoft’s Quick Assist into a Trojan horse for Black Basta ransomware.
  • The attack chain starts with some old-fashioned social engineering, where the criminals pose as IT support.
  • Victims are sweet-talked into sharing their screen and eventually handing over full control of their device.
  • Once in, the attackers deploy all sorts of nasties, including Qakbot and Cobalt Strike, leading to ransomware deployment.
  • Microsoft suggests blocking or uninstalling Quick Assist if it’s not in use, and is working on adding more warning cues to the software.

Need to know more?

The Art of Disguise

Imagine receiving a call from ‘tech support’ when you didn’t even know your computer was sick. That’s the opening move of Storm-1811. They start with voice phishing—yes, that’s phishing with a ‘ph,’ not fishing with an ‘f,’ although both involve lures and unsuspecting fish. The target? Your trust and your computer access. If the sweet talk doesn’t get you, watch out for those spam emails that mysteriously diagnose problems you never knew you had.

Pass the Remote, Please

Once they’ve got you on the line, these digital puppeteers use Quick Assist like a remote control for your PC. With just a security code—voila!—they’re in. And if you’re kind enough to click “Request Control,” you might as well hand them the keys to your digital kingdom. It’s like inviting the fox into the hen house and then wondering where all the chickens went.

Delivering More than Just Pizza

After securing their all-access pass, Storm-1811 starts downloading their evil toolset. We’re talking about a malware fiesta: Qakbot for appetizers, followed by a main course of remote management tools, and for dessert, a nice serving of Cobalt Strike. This allows them to snoop around and move laterally across networks, spreading chaos and confusion.

From Bad to Worse: The Ransomware Cherry on Top

Just when you think it can’t get any worse, it does. Using tools like PsExec, the attackers deploy Black Basta ransomware to seal the deal. It’s like they break into your digital home, rearrange your furniture, eat all your snacks, and then set the place on fire on their way out. The audacity!
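For defenders, the chain described above (a Quick Assist session followed shortly by PsExec on the same machine) can be hunted for in process-creation logs. The sketch below is an added example, not code from Microsoft or from the original article. It assumes a simplified `timestamp,host,image` record layout, constructed sample events, and a 30-minute correlation window, all chosen here for illustration.

```python
import csv
import io
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample of process-creation events (timestamp, host, image path).
# The column layout is an assumption for this example, not a real log format.
SAMPLE_EVENTS = """\
2024-05-14T09:02:11,WS-101,C:\\Windows\\System32\\QuickAssist.exe
2024-05-14T09:05:40,WS-101,C:\\Users\\amy\\Downloads\\PsExec64.exe
2024-05-14T10:15:00,WS-202,C:\\Windows\\System32\\QuickAssist.exe
2024-05-14T13:30:00,WS-202,C:\\Tools\\PsExec.exe
2024-05-14T11:00:00,WS-303,C:\\Tools\\PsExec.exe
"""

QUICK_ASSIST = {"quickassist.exe"}
FOLLOW_ON = {"psexec.exe", "psexec64.exe"}   # tool named in the article
WINDOW = timedelta(minutes=30)               # assumed correlation window


def find_suspicious_sessions(log_text, window=WINDOW):
    """Return (host, quick_assist_time, psexec_time) for each PsExec launch
    seen on a host within `window` after Quick Assist started there."""
    events = sorted(
        (datetime.fromisoformat(r[0]), r[1], PureWindowsPath(r[2]).name.lower())
        for r in csv.reader(io.StringIO(log_text)) if len(r) == 3
    )
    last_session = {}   # host -> most recent Quick Assist start time
    alerts = []
    for when, host, name in events:
        if name in QUICK_ASSIST:
            last_session[host] = when
        elif name in FOLLOW_ON:
            started = last_session.get(host)
            if started is not None and when - started <= window:
                alerts.append((host, started.isoformat(), when.isoformat()))
    return alerts


if __name__ == "__main__":
    for host, started, followed in find_suspicious_sessions(SAMPLE_EVENTS):
        print(f"{host}: Quick Assist at {started}, PsExec at {followed}")
```

PsExec is also a legitimate admin tool, so a hit is a lead for triage rather than a verdict.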

Microsoft’s Counter-Measures

Not all heroes wear capes, but they do issue patches and advisories. Microsoft is on the case, investigating these misuses of Quick Assist and promising to beef up warnings and transparency. They’re also handing out pro tips like blocking or uninstalling Quick Assist if you’re not using it, because sometimes the best way to secure a door is to remove it entirely.

So next time you get a call from ‘tech support’ out of the blue, remember: it might just be Storm-1811 with their bag of tricks. Stay vigilant, folks!
