
Ransomware group poses as Microsoft support to hack businesses

PCMag editors select and review products independently. If you buy through affiliate links, we may earn a commission, which helps support our testing.

Russian members of the “Black Basta” ransomware group have carried out social engineering attacks to gain access to victims’ computers by flooding inboxes with spam and then sending malicious messages on the video conferencing platform Microsoft Teams to “solve” the problem, according to cybersecurity firm ReliaQuest.

Attackers pose as IT support staff and send messages to potential victims in Microsoft Teams chats using the .onmicrosoft.com domain. They can then send legitimate-looking but malicious links or QR codes in the chat. They may also get victims to install remote access software such as AnyDesk or QuickAssist on their devices and ask victims to give them access to their computers.

ReliaQuest’s report suggests that Black Basta is targeting workers with the ultimate goal of hacking into company systems and locking down internal data for ransom in cryptocurrency.

Unfortunately, tech support scams have been a primary attack strategy for cybercriminals for many years. Be wary of any person or entity that contacts you claiming to be customer service.

It is also recommended that you change your Microsoft Teams security and privacy settings to disable messages or calls from external or unknown users. Also, make sure your email filters spam properly, and mark suspicious emails as spam. In Microsoft Outlook, you can choose from several different spam filtering levels. If you use Gmail, you can set up custom spam filters yourself.
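For defenders, the sequence described above (a Teams chat from an external .onmicrosoft.com account posing as IT support, followed by a remote access tool starting on the recipient's machine) can be checked for in logs. The following is an added example, not code from ReliaQuest or PCMag; the event records are constructed and their field names are hypothetical, not a real Teams or endpoint log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, not a real Teams or EDR schema.
CHAT_EVENTS = [
    {"time": "2024-10-28T09:02:00", "recipient": "alice@corp.example",
     "sender": "helpdesk@itsupport-desk.onmicrosoft.com", "display_name": "Help Desk", "external": True},
    {"time": "2024-10-28T09:05:00", "recipient": "bob@corp.example",
     "sender": "carol@corp.example", "display_name": "Carol", "external": False},
    {"time": "2024-10-28T10:00:00", "recipient": "dave@corp.example",
     "sender": "sales@partner.example", "display_name": "Partner Sales", "external": True},
]
PROCESS_EVENTS = [
    {"time": "2024-10-28T09:10:00", "user": "alice@corp.example", "image": r"C:\Users\alice\Downloads\AnyDesk.exe"},
    {"time": "2024-10-28T09:30:00", "user": "bob@corp.example", "image": r"C:\Windows\System32\quickassist.exe"},
    {"time": "2024-10-28T15:00:00", "user": "dave@corp.example", "image": r"C:\Program Files\AnyDesk\AnyDesk.exe"},
]

SUPPORT_WORDS = ("help desk", "helpdesk", "support", "service desk")
REMOTE_TOOLS = ("anydesk.exe", "quickassist.exe")


def is_suspicious_chat(event):
    """External sender on a default *.onmicrosoft.com tenant domain using a support-style name."""
    domain = event["sender"].rsplit("@", 1)[-1].lower()
    name = event["display_name"].lower()
    return (event["external"] and domain.endswith(".onmicrosoft.com")
            and any(word in name for word in SUPPORT_WORDS))


def correlate(chats, processes, window=timedelta(minutes=30)):
    """Return (user, sender, tool) where a remote access tool starts soon after a suspicious chat."""
    hits = []
    for chat in filter(is_suspicious_chat, chats):
        chat_time = datetime.fromisoformat(chat["time"])
        for proc in processes:
            tool = proc["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
            delay = datetime.fromisoformat(proc["time"]) - chat_time
            if (proc["user"] == chat["recipient"] and tool in REMOTE_TOOLS
                    and timedelta(0) <= delay <= window):
                hits.append((proc["user"], chat["sender"], tool))
    return hits


if __name__ == "__main__":
    for user, sender, tool in correlate(CHAT_EVENTS, PROCESS_EVENTS):
        print(f"ALERT: {user} ran {tool} after external support-style chat from {sender}")
```

The 30-minute window and the keyword list are assumptions to tune; internal use of Quick Assist by a real help desk (as with bob in the sample) does not alert because no external chat precedes it.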

Black Basta reportedly sells its extortion and email spam services on the dark web and has been active since at least the beginning of 2022. The group previously breached US healthcare provider Ascension earlier this year. According to researchers, Black Basta earned at least $107 million in illicit profits from ransomware attacks over the past two years. Although the group attacked more than 329 organizations around the world, only 115 paid the ransom.