Uptick in Social Engineering Campaign Deploying Black Basta Ransomware
ID: c17a9f20-824e-55ec-9d40-3c98e79e20ab
STIX ID: report--c17a9f20-824e-55ec-9d40-3c98e79e20ab
Feed Name: Arctic Wolf Blog
Arctic Wolf reports increased activity in a Black Basta ransomware campaign that leverages Microsoft Teams, email spam, and vishing to trick victims into granting remote access via Microsoft Quick Assist. Attackers then deploy secondary malware (EvilProxy, Qakbot, SystemBC, ScreenConnect, NetSupport Manager, Cobalt Strike), establish persistence, perform credential harvesting and lateral movement, and ultimately deploy Black Basta for double-extortion. The bulletin provides detection recommendations, advises uninstalling or disabling Quick Assist and unapproved RMM tools, and recommends deploying Arctic Wolf Agent and Sysmon plus security awareness training and Teams-specific safeguards.
