(Credit: Bloomberg / Contributor via Getty Images)
Russia-based members of the "Black Basta" ransomware group have been conducting social engineering attacks to gain access to victims' computers by spamming email inboxes and then sending malicious messages on the video-conferencing platform Microsoft Teams to "resolve" the issue, according to cybersecurity firm ReliaQuest.
The attackers pose as IT support staff and message potential victims on Microsoft Teams chats using the .onmicrosoft.com domain. Then, they may send legitimate-looking but malicious links or QR codes in the chat. This may trick victims into installing remote-access software like AnyDesk or QuickAssist onto their devices and ask victims to grant them access to their computers.
ReliaQuest's report suggests that Black Basta is targeting workers with the ultimate goal of breaching company systems and locking up internal data for a crypto ransom.
Unfortunately, tech support scams have been a primary attack strategy for cybercriminals for years. Be wary of any person or entity that contacts you claiming to be customer support.
It's also a good idea to change your Microsoft Teams security and privacy settings to disable messages or calls from external or unknown users. Also, make sure your email is filtering out spam properly, and mark suspicious emails as spam. On Microsoft Outlook, you can choose from multiple different spam filtering levels. Or, if you're using Gmail, you can set up custom spam filters yourself.
Black Basta reportedly sells its ransomware and email spam services on the dark web, and has been active since at least as early as 2022. The group previously breached US healthcare provider Ascension earlier this year. Researchers estimate Black Basta has raked in at least $107 million in ill-gotten gains through its ransomware attacks in the past two years. While the group has attacked more than 329 organizations globally, only 115 have paid ransoms.