Ransomware Campaign Targets Critical Infrastructure via Microsoft Teams and Quick Assist

On March 5, Health-ISAC, a global cybersecurity organization in healthcare, reported a series of ransomware attacks. These attacks leveraged Microsoft Teams and Quick Assist to gain unauthorized access to sensitive systems and it’s a trend that is growing and one you should be aware of.

How The Attack Works

The attacks begin with a flood of spam emails. This initial wave is designed to overwhelm you and create a sense of urgency. Then fake Microsoft IT Support personnel attempt to contact you via Microsoft Teams. The goal is to convince you to grant them remote access to your computer using Microsoft Quick Assist and steal sensitive information from HM and you.

Protecting HM Systems and Patient Data

As a reminder, the IT Service Desk will never contact you for your password or ask you to visit any websites to click on links or download information. To help keep HM systems and patient data safe, you should be vigilant and take the following steps:

  • Report Suspicious Messages: If you receive any suspicious email, report it using the Report Phish or Report Suspicious button. If you receive a suspicious Teams message, use the Report this message feature in Teams. Go to the message, select More options > More actions > Report this message.

  • Report Spam Influxes: Report any major influxes of spam emails by contacting the Service Desk immediately at 832.667.5600 or email it-securityservicesteam@houstonmethodist.org. This can help identify and mitigate potential threats early.

  • Verify Identities: Always verify the identity of anyone claiming to be from IT Support. If it appears suspicious, tell them you will call them back through the IT Service Desk to ensure that you’re speaking with legitimate representatives.

  • Never click a link within a text, email or search result from someone you don’t know or can’t confirm.

  • Be Cautious with Remote Access Requests: Be wary of unsolicited requests for remote access. Always confirm such requests through official channels before proceeding.

By staying vigilant, you can play a crucial role in protecting HM systems and patient data from these sophisticated ransomware campaigns.

© 2024. Houston Methodist, Houston, TX. All rights reserved.