Safeguard
Topic

Ransomware

In-depth guides and analysis on ransomware from the Safeguard engineering team.

24 articles

Ransomware

First VPN Takedown: How May 2026's Strike on Ransomware Infrastructure Worked

In May 2026, an international coalition dismantled First VPN, a service the FBI says at least 25 ransomware gangs used to hide. We unpack the takedown, the broader 2026 infrastructure offensive, and why disrupting plumbing matters more than chasing brands.

May 22, 202610 min read
Ransomware

The Gentlemen RaaS Database Leak: What the May 2026 Breach Revealed About a Top Ransomware Operation

An insider sold The Gentlemen's internal 'Rocket' backend in May 2026, exposing affiliate structure, tooling, and negotiation logs of one of 2026's most prolific RaaS crews. Here is what the leak teaches defenders.

May 20, 202611 min read
Ransomware

Nitrogen Ransomware Hits Foxconn: 8TB Claim and the Manufacturing Extortion Wave of May 2026

Foxconn confirmed a cyberattack on its North American factories in May 2026 after the Nitrogen ransomware crew claimed 8TB and 11 million files. We break down the attack chain, the broken ESXi decryptor, and what manufacturers should do now.

May 14, 202612 min read
Ransomware

Fog Ransomware: Why the Education Sector Keeps Getting Hit

Fog ransomware has carved a niche targeting schools and universities, exploiting chronic underfunding and SonicWall VPN vulnerabilities to devastating effect.

Jan 14, 20256 min read
Ransomware

Play Ransomware: Supply Chain Exploitation Through Managed Service Providers

Play ransomware refined the MSP attack model, exploiting FortiOS and RDP vulnerabilities to cascade through managed service providers into hundreds of downstream organizations.

Nov 15, 20247 min read
Ransomware

Medusa Ransomware: How Supply Chain Infiltration Became Their Signature Move

Medusa ransomware operators have refined a playbook that targets managed service providers and software vendors as stepping stones into hundreds of downstream victims.

Nov 5, 20246 min read
Ransomware

Ransomware-as-a-Service in 2024: The Ecosystem That Won't Die

The RaaS ecosystem proved resilient through 2024 despite major law enforcement takedowns, with new groups filling every gap and affiliate models becoming more sophisticated.

Sep 22, 20247 min read
Ransomware

Qilin Ransomware and the Chrome Credential Harvesting Gambit

Qilin ransomware operators pioneered a mass credential theft technique using Group Policy to extract saved Chrome browser credentials across entire domains.

Sep 20, 20246 min read
Ransomware

Rhysida Ransomware: Systematic Targeting of Government and Critical Infrastructure

Rhysida ransomware distinguished itself through deliberate targeting of government agencies, education institutions, and healthcare organizations across multiple countries.

Aug 5, 20247 min read
Ransomware

Black Basta Ransomware: Techniques and Tactics in 2024

Black Basta evolved from a Conti offshoot into one of the most technically advanced ransomware operations, using novel initial access methods and sophisticated evasion techniques.

Apr 18, 20247 min read
Ransomware

Akira Ransomware: Exploiting VPN Vulnerabilities for Supply Chain Entry

Akira ransomware systematically exploited Cisco VPN vulnerabilities as its primary entry vector, targeting organizations through the network infrastructure they trusted most.

Jan 12, 20247 min read
Ransomware

The Ransomware Payment Ban Debate: Arguments, Evidence, and Unintended Consequences

Should governments ban ransomware payments? The debate intensified through 2023 as attacks escalated, with strong arguments on both sides and no clear consensus.

Aug 28, 20237 min read
Ransomware — Supply Chain Security Blog | Safeguard