Windows 11's quick assist hijacked by scammers for ransomware attacks

The dangerous group of scammers, Storm-1811, has started using the Quick Assist tool in Windows 11 for ransomware campaigns. These attacks begin with vishing, where victims are convinced to provide computer access codes. Once access is gained, the data is encrypted, and scammers demand a ransom.

Scammers employ social engineering to deceive users, persuading them of the necessity to connect to their computers for supposed service actions. As Microsoft has informed us, the Quick Assist application is presented in this case as an essential technical support tool for securing the victim's computer.

Quick Assist is an application built into the Windows 11 system that allows remote connections to the computer for performing advanced operations that the user cannot handle. With short, one-time codes, two computers can connect regardless of location, allowing one person to take control of the other’s system. Although this tool is useful, scammers can exploit it.

Scammers use this mechanism to upload malicious software onto the victim's computer, eventually activating the Black Basta ransomware. This type of ransomware has been operational since 2022 and mainly targets countries outside of Europe, although there have been instances in Europe as well. The criminals aim to gain access to sensitive data, encrypt it, and then demand ransom under the threat of data publication online. Unfortunately, this type of scam is becoming increasingly popular.

In the face of such threats, it is crucial to once again remind everyone about the basic principles of internet safety. The key is limited trust, which, as this situation shows, should always be applied, even when someone offers necessary technical help through a remote connection. Never share access codes or confidential information with individuals whose identity you cannot verify.