Safeguard
Topic

Ransomware

In-depth guides and analysis on ransomware from the Safeguard engineering team.

24 articles

Ransomware

Clop Ransomware and the MOVEit Campaign: Mass Exploitation at Scale

Clop's exploitation of MOVEit Transfer compromised over 2,500 organizations in one campaign, demonstrating a shift from traditional ransomware to mass vulnerability exploitation.

Jul 5, 20237 min read
Ransomware

Double Extortion Ransomware: How Data Theft Changed the Game

Double extortion transformed ransomware from a reversible nuisance into an irreversible data breach. The evolution from encryption-only to data theft fundamentally changed the threat model.

May 15, 20238 min read
Ransomware

Royal Ransomware: Why Healthcare Became the Primary Target

Royal ransomware emerged from the ashes of Conti to become one of the most aggressive operations targeting healthcare organizations in 2022 and 2023.

Jan 22, 20237 min read
Ransomware

LockBit 3.0: The Evolution of the World's Most Prolific Ransomware Operation

LockBit 3.0 introduced bug bounties, new extortion tactics, and industrial-scale operations that made it the dominant ransomware group through 2022 and 2023.

Oct 18, 20226 min read
Ransomware

BlackCat/ALPHV Ransomware: Rust-Based Innovation and Supply Chain Exploitation

BlackCat (ALPHV) brought Rust programming, triple extortion, and supply chain targeting to the ransomware-as-a-service model, raising the bar for both attackers and defenders.

Jul 12, 20227 min read
Ransomware

Costa Rica Conti Ransomware: The First Ransomware Attack to Trigger a National Emergency

The Conti ransomware group attacked Costa Rica's government systems so severely that the president declared a national emergency — the first time a country took such action in response to a cyberattack.

Apr 18, 20225 min read
Ransomware

Conti Ransomware Leaks: What the Internal Files Revealed About Supply Chain Tools

When Conti's internal communications leaked in early 2022, they exposed the operational playbook of a top-tier ransomware gang — including how they targeted supply chains.

Mar 2, 20227 min read
Ransomware

Kronos Ransomware Attack: When Payroll Systems Go Dark Before the Holidays

A ransomware attack on Ultimate Kronos Group disrupted payroll and workforce management for millions of workers at hospitals, governments, and major employers right before the holiday season.

Dec 14, 20215 min read
Ransomware

REvil Ransomware Shutdown: How Law Enforcement Took Down a Ransomware Empire

REvil was one of the most prolific ransomware-as-a-service operations until a coordinated law enforcement takedown dismantled its infrastructure in October 2021.

Oct 22, 20217 min read
Ransomware

Accenture LockBit Ransomware Attack: When a Security Consultant Gets Hacked

LockBit ransomware operators breached Accenture, a major global consulting firm, claiming to have stolen 6TB of data and demanding a $50 million ransom.

Aug 18, 20215 min read
Ransomware

JBS Foods Ransomware Attack: When Hackers Targeted the World's Meat Supply

REvil ransomware shut down the world's largest meat processor, disrupting supply chains across the US, Australia, and Canada — and resulted in an $11 million ransom payment.

Jun 5, 20216 min read
Ransomware

Colonial Pipeline Ransomware Attack: How a Single Password Shut Down America's Fuel Supply

The 2021 Colonial Pipeline attack exposed critical infrastructure vulnerabilities when a compromised VPN password led to a $4.4 million ransom and fuel shortages across the Eastern United States.

May 8, 20215 min read
Ransomware (Page 2) — Supply Chain Security Blog | Safeguard