Crims abusing Microsoft Quick Assist to deploy ransomware • The Register

<!doctype html> <html lang="en"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <title>Crims abusing Microsoft Quick Assist to deploy ransomware • The Register</title> <meta name="robots" content="max-snippet:-1, max-image-preview:standard, max-video-preview:0"> <meta name="viewport" content="initial-scale=1.0, width=device-width"/> <meta property="og:image" content="https://regmedia.co.uk/2024/05/16/glasses_shutterstock.jpg"/> <meta property="og:type" content="article" /> <meta property="og:url" content="https://www.theregister.com/2024/05/16/microsoft_quick_assist_crime/" /> <meta property="og:title" content="Crims abusing Microsoft Quick Assist to deploy ransomware" /> <meta property="og:description" content="Spoiler alert: it&#39;s not really IT support controlling your device" /> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@TheRegister"> <script type="application/ld+json"> { "@context":"http://schema.org", "@type":"NewsArticle", "mainEntityOfPage":{"@type":"WebPage","@id":"https://www.theregister.com/2024/05/16/microsoft_quick_assist_crime/"}, "headline":"Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware", "datePublished":"2024-05-16T23:30:05Z", "dateModified":"2024-05-16T19:17:16Z", "image":{"@type":"ImageObject","url":"https://regmedia.co.uk/2024/05/16/glasses_shutterstock.jpg","width":"1000","height":"667"}, "author":{"@type":"Person","name":"Jessica Lyons"}, "publisher":{"@type":"Organization","name":"The Register","url":"https://www.theregister.com/","logo":{"@type":"ImageObject","url":"https://www.theregister.com/design_picker/1fea2ae01c5036112a295123c3cc9c56eb28836a/graphics/std/red_logo_sans_strapline.png","width":330,"height":55}} } </script> <script> var RegZoot = { }; var RegCC = [ ]; var RegPageType = 'Story'; var RegTruePageType = 'www story'; </script> <link rel="canonical" href="https://www.theregister.com/2024/05/16/microsoft_quick_assist_crime/"> 
<div class="nav_elem"> <div class="cat_header"> <div id="nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem mob_only">Vendor Voice</a> <h2 class="desk_only section_nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem desk_only">Vendor Voice</a> </h2> </div> </div> <div id="subnav-box-nav-tag-vendor-voice" class="subnav_box"> <a href="https://www.theregister.com/VendorVoice/" class="subnav_elem" id="nav-tag-vendor-voice-all"> <span class="prefix_all">All </span>Vendor Voice </a> <a href="https://www.theregister.com/VendorVoice/aws_source_fuse/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_source_fuse"> SourceFuse </a> <a href="https://www.theregister.com/VendorVoice/aws_new_horizon_financial_services/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_new_horizon_financial_services"> Amazon Web Services (AWS) New Horizon in Cloud Computing </a> <a href="https://www.theregister.com/VendorVoice/pure_storage_portworx/" class="subnav_elem" id="nav-tag-vendor-voice-vv_pure_storage_portworx"> Pure Storage </a> <a href="https://www.theregister.com/VendorVoice/aws_klika_tech/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_klika_tech"> Klika Tech </a> <a href="https://www.theregister.com/VendorVoice/aws_here/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_here"> HERE and AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova_manufacturing/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova_manufacturing"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/google_cloud_data_transformation/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_cloud_data_transformation"> Google Cloud Data Transformation </a> <a href="https://www.theregister.com/VendorVoice/google_gemini/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_gemini"> 
Google Gemini </a> <noscript> <a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a> </noscript> </div> </div> </nav> </div> <div class="nav_bottom_section nav_resources"> <div class="nav_head_bk"> <a href="#subnav-box-nav-resources" data-toggle-for="subnav-box-nav-resources" id="nav-resources" class="topnav_elem mob_only">Resources</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Resources</span> </h2> </div> <nav id="top_nav"> <div class="nav_elem"> <div id="subnav-box-nav-resources" class="subnav_box"> <a href="https://whitepapers.theregister.com/">Whitepapers</a> <a href="https://whitepapers.theregister.com/events/list/">Webinars &amp; Events</a> <a href="https://account.theregister.com/edit/newsletter/">Newsletters</a> </div> </div> </nav> </div> </div> </div> </div> </div> </div> </div> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xmd=",fluid,leaderboard," data-lg=",fluid,leaderboard," data-xlg=",fluid,superleaderboard,billboard,leaderboard," data-xxlg=",fluid,superleaderboard,billboard,brandwidth,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <article> <div id=top-col-story> <div class="header_left"> <div class="cat_header"> <h4 class="dcl"> <a href="/security/cyber_crime/" aria-label="Cyber-crime">Cyber-crime</a> </h4> </div> <div class="comments_wrap mobile_only"> <a class="comment_count" 
aria-label="Read comments on this article, currently there are 12 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/05/16/microsoft_quick_assist_crime/"> <strong aria-hidden="true">12</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h1>Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware</h1> </div> <div class="header_left"> <div class="comments_wrap desktop_only"> <a class="comment_count" aria-label="Read comments on this article, currently there are 12 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/05/16/microsoft_quick_assist_crime/"> <strong aria-hidden="true">12</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h2>Spoiler alert: it's not really IT support controlling your device</h2> <div class="byline_and_dateline_and_share_and_comments"> <div class="byline_wrap"> <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_red.svg" alt="icon"> <a class="byline" href="/Author/Jessica-Lyons" title="Read more by this author"> Jessica Lyons </a> </div> <div class="dateline_wrap"> <span class="dateline"> Thu&nbsp;16&nbsp;May&nbsp;2024 <span class="slashes"> // </span> 23:30&nbsp;UTC </span> </div> </div> </div> </div> <div id=main-col> <div id="article-wrapper" class="article_wrap"> <div class="left_col"> <div 
class="floating_bar"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_2"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/05/16/microsoft_quick_assist_crime/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&amp;title=Crims%20abusing%20Microsoft%20Quick%20Assist%20to%20deploy%20Black%20Basta%20ransomware" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=Crims%20abusing%20Microsoft%20Quick%20Assist%20to%20deploy%20Black%20Basta%20ransomware&amp;url=https://www.theregister.com/2024/05/16/microsoft_quick_assist_crime/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&amp;via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&amp;display=popup&amp;link=https://www.theregister.com/2024/05/16/microsoft_quick_assist_crime/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&amp;url=https://www.theregister.com/2024/05/16/microsoft_quick_assist_crime/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&amp;title=Crims%20abusing%20Microsoft%20Quick%20Assist%20to%20deploy%20Black%20Basta%20ransomware&amp;summary=Spoiler%20alert%3a%20it%27s%20not%20really%20IT%20support%20controlling%20your%20device" target="_blank"> </a> <a data-social="whatsapp" 
href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/05/16/microsoft_quick_assist_crime/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> <div class="promo_advert"> </div> </div> <div class="centre_col"> <div id="article"> <div id="body"> <p>A cybercrime gang has been abusing Microsoft's Quick Assist application in social engineering attacks that ultimately allow the crew to infect victims with Black Basta ransomware.</p> <p>This, according to Redmond, which said the campaign has been ongoing since mid-April, and blamed a financially motivated group it tracks as Storm-1811 for the intrusions.</p> <p>Microsoft did not immediately respond to <em>The Register</em>'s questions about the attack, including how many customers have been hit. We will update this story when we receive a response.</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <p>Quick Assist is a software tool installed by default in Windows 11 that allows someone to share their PC or macOS device with a remote user, typically in corporate IT, who can then control the computer remotely. 
This also makes it easier for scammers, posing as tech support, to trick people into giving them full access to the targeted device. </p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xmd=",fluid,mpu,leaderboard," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <div class="adun_eagle_desktop_story_wrapper"> <div aria-hidden="true" class="adun" data-pos="mid" data-raptor="eagle" data-xxlg=",mpu,dmpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> </div> <p>"Microsoft is investigating the use of Quick Assist in these attacks and is working on improving the transparency and trust between helpers and sharers, 
and incorporating warning messages in Quick Assist to alert users about possible tech support scams," the Windows giant <a target="_blank" rel="nofollow" href="https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/">said</a> in a Wednesday alert.</p> <p>Additionally, organizations can <a target="_blank" rel="nofollow" href="https://learn.microsoft.com/windows/client-management/client-tools/quick-assist#disable-quick-assist-within-your-organization">block or uninstall</a> Quick Assist and other remote management tools if they aren't using them, which will help reduce their risk of these types of social engineering attacks, Microsoft advised. </p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <p>Plus, there's a whole list of indicators of compromise and threat-hunting queries that Microsoft customers can use to look for malicious activity on their networks, such as suspicious curl behavior or possible malicious use of proxy or tunneling tools.</p> <ul class="listinks"> <li><a href="https://www.theregister.com/2024/05/14/microsoft_may_patch_tuesday/">Microsoft fixes a bug abused in QakBot attacks plus a second under exploit</a></li> <li><a 
href="https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/">Researchers claim Windows Defender can be fooled into deleting databases</a></li> <li><a href="https://www.theregister.com/2024/05/13/cisa_ascension_ransomware/">Uncle Sam urges action after Black Basta ransomware infects Ascension</a></li> <li><a href="https://www.theregister.com/2024/05/15/us_army_contractor_data_loss/">Crook brags about US Army and $75B defense biz pwnage</a></li> </ul> <p>The break-ins begin with Storm-1811 impersonating IT support through voice phishing, and convincing the user to give them access to the computer through Quick Assist. In some cases, users are bombarded with spam emails and are then contacted by the attackers, who ask if they want help fixing the problem.</p> <p>Access is granted via a keyboard shortcut and a security code provided by the attacker. After the target enters the security code, they can then share their screen with the attacker, who can select "Request Control." If the target approves this request, the fraudster now has full control of the device.</p> <p>After this pwnage Storm-1811 gets to work delivering malicious payloads and remote monitoring and management (RMM) software, we're told.</p> <p>"In several cases, Microsoft Threat Intelligence identified such activity leading to the download of Qakbot, RMM tools like ScreenConnect and NetSupport Manager, and Cobalt Strike," the threat intel team noted.</p> <div aria-hidden="true" class="adun" id="story_eagle_xsm_sm_md_xmd_lg_xlg" data-pos="mid" data-raptor="eagle" data-xsm=",mpu,dmpu," data-sm=",mpu,dmpu," data-md=",mpu,dmpu," data-xmd=",mpu,dmpu," data-lg=",mpu,dmpu," data-xlg=",mpu,dmpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" target="_blank"> <img 
src="https://pubads.g.doubleclick.net/gampad/ad?co=1&amp;iu=/6978/reg_security/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z7OO13DoPoLikXTPFZJpNwAAAYk&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <p>This persistent access to the compromised device allows the attackers to move laterally through the victim's environment. "Storm-1811 then uses PsExec to deploy <a target="_blank" href="https://www.theregister.com/2024/05/13/cisa_ascension_ransomware/">Black Basta ransomware</a> throughout the network," according to Microsoft. ®</p> <div class="wptl btm"> <noscript><strong>Get our</strong> <a href="https://whitepapers.theregister.com/" style="text-transform:uppercase">Tech Resources</a></noscript> </div> <div data-tf-live="01JKBE2PEREXGBCY6F8R215Y6V" data-tf-inline-on-mobile="" data-tf-disable-auto-focus="" data-tf-auto-resize=""></div> <script src="//embed.typeform.com/next/embed.js"></script> </div> <div class="article_body_btm mobile_only"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> <span>Share</span> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_3"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/05/16/microsoft_quick_assist_crime/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&amp;title=Crims%20abusing%20Microsoft%20Quick%20Assist%20to%20deploy%20Black%20Basta%20ransomware" target="_blank"> </a> <a data-social="twitter" class="twit" 
All rights reserved © 1998–2025 </p> </div> </div> <noscript><img width="1" height="1" src="/Design/graphics/std/transparent_pixel.png" alt="no-js"></noscript> </div> </div> </div> <div id=end_scripts> <script> if (typeof(ElReg.Ga.sendPageView) === 'function') { ElReg.Ga.sendPageView('reg_security/cybercrime','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); } </script> <script> $(function() { RegUtils.set_bucket_group(318) }); </script> </div> <!--[if IE]> <p id=unsupported_browser>The Register does not support such an old IE version. Please upgrade your browser. <img src="https://go.theregister.com/k/abb_oldie> </p> <![endif]--></div> </body> </html>
