Russian Hackers Exploit Microsoft Teams to Launch Ransomware Attacks in UK

Cybercriminal groups Fin7 and Storm-1811 are using Teams' default settings to gain access to systems, prompting warnings for heightened vigilance.

Russian cybercriminals are posing as IT support workers on Microsoft Teams to infiltrate UK computer systems and install ransomware.
The hackers overwhelm victims with thousands of spam emails before contacting them via Teams to offer fake technical support.
Once granted remote access, the hackers install ransomware, extracting data and freezing systems while demanding cryptocurrency payments.
Sophos, a UK-based cybersecurity firm, has linked the campaign to Russian cyber gangs Fin7 and Storm-1811, with 15 incidents reported in the last three months.
The UK government is proposing a ban on ransomware payments by public bodies and requiring private entities to seek approval before paying ransoms to deter such attacks.