Hackers are exploiting Microsoft’s Quick Assist Tool to deliver ransomware by using techniques like vishing to gain remote access, tricking users into granting control, and deploying malware such as Qakbot and Cobalt Strike, leading to Black Basta ransomware deployment. Microsoft recommends blocking unused remote tools, educating users on tech support scams, and implementing anti-phishing solutions to reduce risks. The attackers utilize ScreenConnect for persistence, NetSupport Manager for remote control, OpenSSH tunneling, and PsExec for deploying Black Basta ransomware, focusing on initial access brokers to minimize the threat impact
Recommendations include uninstalling unused tools, educating users on scam identification, reporting suspicious activities, training on cybersecurity awareness, using anti-phishing solutions, enabling network protection, and following Microsoft’s ransomware hardening guidance. ```https://cybersecuritynews.com/hackers-exploiting-quick-assist-ransomware/