 Channel Futures

Cybereason Issues ‘Highly Severe’ Black Basta Ransomware Warning

  • Written by Edward Gately
  • June 28, 2022
Some of Black Basta's ransom demands have exceeded $1 million.

Cybereason is warning global organizations about a rise in ransomware attacks from the new Black Basta gang.

The Black Basta gang emerged in April. Since then, it has victimized nearly 50 companies in the United States, United Kingdom, Australia, New Zealand and Canada. Organizations in English-speaking countries appear to be targets.

Cybereason assesses the threat level of Black Basta ransomware attacks against global organizations as highly severe.

Black Basta has been using the double extortion scheme on its victims. In addition, some of its ransom demands have exceeded $1 million.

In a double extortion attack, the attackers penetrate a victim’s network, move laterally through the organization to steal sensitive information, and then threaten to publish the stolen data unless the ransom demand is paid.

Black Basta an ‘All-Star’ Ransomware

Lior Rochberger is senior security researcher at Cybereason.

“Black Basta has unique and unseen before features. And what’s interesting, and what makes this ransomware so dangerous, is that the operators behind it seem to not only know what they are doing, but to follow other well-known and notorious groups such as the Conti Group and REvil,” she said. “In fact, many are speculating that Black Basta ransomware was developed by former members of Conti and REvil, which contributes to it being an ‘all-star’ ransomware.”

Some attackers take up to a few days to move laterally inside the network, collect data and exfiltrate it, Rochberger said. If that is the case, it leaves more time for defenders to detect the anomalous behavior and stop the adversary.

“The problem starts when there is a short time to ransom (TTR) that can be even just a few hours,” she said. “This leaves a short window for defenders to successfully defend against the threat. What is potentially hard to practice, but can be effective, is to password protect documents and files. This way the adversaries cannot access the content inside them. And the files will be useless for them or for potential buyers.”

Updating Security Tools and Software

There are many things organizations can do to protect themselves from ransomware attacks, Rochberger said. One is ensuring security tools and software are updated regularly with patches and that configurations are correct.

“In addition, organizations should use advanced security tools that can detect and prevent malicious activity based on the behavior and artificial intelligence (AI) rather than static information such as hashes,” she said. “In addition, it is important for organizations to have visibility across their entire network.”

Roger Grimes is data-driven defense evangelist at KnowBe4. He said the most interesting and scary development is the continued growing focus on compromising VMware ESXi virtual hosts.

“Most corporations are huge into virtual machine (VM) infrastructures, and it’s only growing,” he said. “One compromised VM host can immediately put at risk dozens to hundreds of virtual guest instances. It makes it far easier for a ransomware program or group to do all the double extortion damages, including stealing login credentials, data exfiltration and encryption. Plus, most VM infrastructures use and rely on the same infrastructure to conduct their mission-critical backups. It’s a part of the VM infrastructure and because of that it’s easier to compromise once the VM host is compromised.”

Protecting VM Investments

Compromising a VM host makes it far easier for the attacker to also compromise the involved backups, Grimes said.

“I would go so far as to say that any ransomware program not intentionally targeting VM infrastructures is being highly inefficient and dumb,” he said. “It’s even more important than ever that shops with huge VM investments understand this changing landscape and take the appropriate mitigations.”

Organizations should protect VM infrastructures like the high-risk assets they are, Grimes said.

“They need to require multifactor authentication (MFA) to access them, aggressively patched and aggressively monitored,” he said. “You can’t protect a VM host machine like you do a regular server. Or if you do, you’re just asking for increased risk and far greater chance of significant compromise.”
