Get all your news in one place.

100’s of premium titles.
One app.

Get all your news in one place.

100’s of premium titles. One news app.

TechRadar

Sead Fadilpašić

Ransomware attacks hijack Windows Quick Assist feature

Windows Microsoft Rapid7

A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted.".

Hackers have been observed combining spam, a classic IT tech support scam, and Windows built-in remote control and screen-sharing tool, Quick Assist, to deploy the Black Basta ransomware variant.

Reports from both Microsoft, and cybersecurity researchers Rapid7 outlined how the attack is also quite creative and not something that’s often seen in the cybercrime space.

Before the actual attack, the threat actors (which Microsoft identified as Storm-1811) need to obtain two things: the victim’s email address, and phone number.

Deploying Black Basta

After that, the attackers will sign the victim up for countless email subscription services. As a result, the victim’s inbox will get absolutely hammered with newsletters, email notifications, and similar unwanted messages.

Then, they will call them on the phone, and impersonate either a Microsoft IT technician, or the IT help desk of the company the victim works for. They will offer to help sort out the problem, and will ask the victim to grant them access to their Windows devices through Quick Assist. Once the victims grant access, it’s practically game over:

"Once the user allows access and control, the threat actor runs a scripted cURL command to download a series of batch files or ZIP files used to deliver malicious payloads," Microsoft said. "In several cases, Microsoft Threat Intelligence identified such activity leading to the download of Qakbot, RMM tools like ScreenConnect and NetSupport Manager, and Cobalt Strike."

These tools help the attackers move laterally throughout the target network, map it out, and ultimately - deploy the Black Basta ransomware variant.

Besides deploying Black Basta, Rapid7 added that the attackers would also steal as many login credentials from the victim as they can.

"The credentials are gathered under the false context of the 'update' requiring the user to log in. In most of the observed batch script variations, the credentials are immediately exfiltrated to the threat actor’s server via a Secure Copy command (SCP)," Rapid7’s researchers said.

"In at least one other observed script variant, credentials are saved to an archive and must be manually retrieved."

Via BleepingComputer

More from TechRadar Pro

Black Basta ransomware has become one of the biggest threats worldwide, CISA and FBI say
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sign up to read this article

Read news from 100’s of titles, curated specifically for you.

Already a member? Sign in here

Top stories on inkl right now

NASCAR Cup Sonoma: Pit strategy propels Kyle Larson to win

NASCAR Cup Sonoma: Pit strategy propels Kyle Larson to win

Many of the planned strategies in Sunday’s race went awry with seven cautions in the first 41 laps and that prompted Larson’s crew chief Cliff Daniels to run Larson as long as possible in the final stage before making his final stop.

Frustrated Lando Norris blames McLaren team for missed chance

Frustrated Lando Norris blames McLaren team for missed chance

Lando Norris said his failure to win the F1 Canadian Grand Prix was down to his McLaren team failing to call a pit stop decisively

The Guardian - UK

France’s snap election: what happened, why, and what’s next?

France’s snap election: what happened, why, and what’s next?

In a shock move, president Emmanuel Macron called a parliamentary election, describing it as ‘an act of confidence’

The Guardian - UK

Macron Calls For New Elections After Far-Right Victory

Macron Calls For New Elections After Far-Right Victory

French President Macron dissolves parliament and calls for new general elections after far-right victory in EU elections.

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

France's Macron Calls Snap Legislative Elections After EU Poll Blow

France's Macron Calls Snap Legislative Elections After EU Poll Blow

French President Emmanuel Macron on Sunday announced he was dissolving parliament and called snap legislative elections after the far-right trounced his centrist alliance in EU polls.

International Business Times

Minnesota Republican Senate candidate grilled over ‘strip club’ campaign spending

Minnesota Republican Senate candidate grilled over ‘strip club’ campaign spending

Ex-basketball player is running in with state GOP’s endorsement in August primary

The Independent UK

Related Stories

Top stories on inkl right now

NASCAR Cup Sonoma: Pit strategy propels Kyle Larson to win

NASCAR Cup Sonoma: Pit strategy propels Kyle Larson to win

Many of the planned strategies in Sunday’s race went awry with seven cautions in the first 41 laps and that prompted Larson’s crew chief Cliff Daniels to run Larson as long as possible in the final stage before making his final stop.

Frustrated Lando Norris blames McLaren team for missed chance

Frustrated Lando Norris blames McLaren team for missed chance

Lando Norris said his failure to win the F1 Canadian Grand Prix was down to his McLaren team failing to call a pit stop decisively

The Guardian - UK

France’s snap election: what happened, why, and what’s next?

France’s snap election: what happened, why, and what’s next?

In a shock move, president Emmanuel Macron called a parliamentary election, describing it as ‘an act of confidence’

The Guardian - UK

Macron Calls For New Elections After Far-Right Victory

Macron Calls For New Elections After Far-Right Victory

French President Macron dissolves parliament and calls for new general elections after far-right victory in EU elections.

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

France's Macron Calls Snap Legislative Elections After EU Poll Blow

France's Macron Calls Snap Legislative Elections After EU Poll Blow

French President Emmanuel Macron on Sunday announced he was dissolving parliament and called snap legislative elections after the far-right trounced his centrist alliance in EU polls.

International Business Times

Minnesota Republican Senate candidate grilled over ‘strip club’ campaign spending

Minnesota Republican Senate candidate grilled over ‘strip club’ campaign spending

Ex-basketball player is running in with state GOP’s endorsement in August primary

The Independent UK

Our Picks

I now have a personal sleep coach, and you can have one too

Sleep tracking, sound aids, and sleep articles all combine to provide the tools required to improve your sleep

David Duchovny Says He Would Have "Loved to Have Done More" on 'Sex and the City'

The actor appeared in one episode of the hit HBO show during Season 6.

Netflix top 10 movies — here’s the 3 worth watching right now

The Netflix top 10 is a constantly rotating list of the most popular films on the service. Here are the best three to stream now.

Meet the 59-year-old Barbie ‘dealer’ whose hustle has netted $2 million in sales

Bruce Zalkin has 35 years in the trade and sold one couple's collection for $250,000.

Low waste meet high-end sushi in Chicago

The Omakase Room is found nestled deep within its 110-seater sister restaurant Sushi-San

Idina Menzel Singing 'New York, New York' at Belmont Stakes Draws Mixed Fan Reactions

The Broadway legend had a tall task Saturday.

Sports Illustrated

Fourteen days free

Download the app

One app. One membership.
100+ trusted global sources.

Download on the AppStore

Get it on Google Play