Storm-1811 scammers exploit Quick Assist in Windows 11 ransomware spree

The dangerous group of scammers, Storm-1811, has started using the Quick Assist tool in Windows 11 for ransomware campaigns. These attacks begin with vishing. Victims are convinced to provide the access code to their computers. Then, the data is encrypted, and scammers demand a ransom.

16 May 2024 14:48

Scammers use social engineering to deceive users, convincing them to allow a remote connection to their computers so that supposed service actions can be performed. Similar attacks using applications such as AnyDesk and TeamViewer are known in Poland. These scams often involve impersonating police officers, bank employees, or investment advisors. Therefore, it is worth thinking twice before agreeing to any such connection.

In the case discussed here, according to Microsoft, the scammers present the Quick Assist application as an essential technical support tool needed to secure the victim's computer.

Quick Assist is an application built into the Windows 11 system, allowing remote connections to the computer to perform advanced operations that the user cannot handle. Thanks to short, one-time codes, two computers can connect regardless of location, allowing one person to take control of the other's system. Although this tool is helpful, it can be exploited by scammers.

How do scammers operate?

They use this mechanism to upload malicious software onto the victim's computer, which eventually activates the Black Basta ransomware. This type of ransomware has been operational since 2022 and mainly targets countries outside Europe, although there are cases on our continent as well. The criminals' goal is to gain access to sensitive data, encrypt it, and then demand ransom under the threat of data publication online. Unfortunately, this type of scam is becoming increasingly popular.

In the face of such threats, it is worth reminding everyone about the basic principles of internet safety. The key is limited trust, which—as this situation shows—should always be applied, even when someone offers necessary technical help through a remote connection to your computer. Never share access codes or confidential information with individuals whose identities you cannot verify.
