Black Basta, a global ransomware campaign, has been known to abuse Windows Quick Assist to gain control over targeted victim’s machines. Windows Quick Assist is a remote view/control application built right into Windows for use by technical professionals while providing remote assistance that can allow an outside party to gain control over your machine.
Once control is established the ransomware payload is delivered and the attack begins.
What should you be on the lookout for?
Here is typically how they abuse Windows Quick Assist:
Attackers will subscribe the targets email address to multiple subscription services flooding the targets inbox with unsolicited emails. The attackers then call the target victim and impersonate either Microsoft technical support or internal it support from the target’s company.
The attackers offer help to remediate the spam and walk the target through the steps to allow control via Windows Quick Assist. This is a type of attack known as “Voice Phishing”, as the attackers are on the phone white attempting to coerce the target into allowing remote access and providing login credentials.
If you are experiencing a sudden uptick of subscription spam in your email, please contact your designated IT staff for assistance. Never trust unsolicited support calls.ALWAYS verify who you are speaking with. Whether its it support-related or not you should always be 100% certain of what you are being asked to do and who is requesting you to do it. If you ever feel even a moments hesitation or have one iota of doubt, STOP what you are doing and contact someone you trust immediatly.
As always, GCS is here to help if you have any questions about this or other security questions.
Contact us
