Windows 11's Quick Assist hijacked by scammers for ransomware attacks


The dangerous group of scammers, Storm-1811, has started using the Quick Assist tool in Windows 11 for ransomware campaigns. These attacks begin with vishing, where victims are convinced to provide computer access codes. Once access is gained, the data is encrypted, and scammers demand a ransom.


11:29 AM EDT, May 16, 2024

Scammers use social engineering to deceive users, persuading them that a connection to their computer is needed for supposed service actions. According to Microsoft, the Quick Assist application is presented in this case as an essential technical support tool for securing the victim's computer.

Quick Assist is an application built into the Windows 11 system that allows remote connections to the computer for performing advanced operations that the user cannot handle. With short, one-time codes, two computers can connect regardless of location, allowing one person to take control of the other’s system. Although this tool is useful, scammers can exploit it.

How do scammers operate?

Scammers use this mechanism to upload malicious software onto the victim's computer, eventually activating the Black Basta ransomware. This type of ransomware has been operational since 2022 and mainly targets countries outside of Europe, although there have been instances in Europe as well. The criminals aim to gain access to sensitive data, encrypt it, and then demand ransom under the threat of data publication online. Unfortunately, this type of scam is becoming increasingly popular.

In the face of such threats, it is crucial to once again remind everyone about the basic principles of internet safety. The key is limited trust, which, as this situation shows, should always be applied, even when someone offers necessary technical help through a remote connection. Never share access codes or confidential information with individuals whose identity you cannot verify.

© essanews.com