Ransomware
In-depth guides and analysis on ransomware from the Safeguard engineering team.
24 articles
Clop Ransomware and the MOVEit Campaign: Mass Exploitation at Scale
Clop's exploitation of MOVEit Transfer compromised over 2,500 organizations in one campaign, demonstrating a shift from traditional ransomware to mass vulnerability exploitation.
Double Extortion Ransomware: How Data Theft Changed the Game
Double extortion transformed ransomware from a reversible nuisance into an irreversible data breach. The evolution from encryption-only to data theft fundamentally changed the threat model.
Royal Ransomware: Why Healthcare Became the Primary Target
Royal ransomware emerged from the ashes of Conti to become one of the most aggressive operations targeting healthcare organizations in 2022 and 2023.
LockBit 3.0: The Evolution of the World's Most Prolific Ransomware Operation
LockBit 3.0 introduced bug bounties, new extortion tactics, and industrial-scale operations that made it the dominant ransomware group through 2022 and 2023.
BlackCat/ALPHV Ransomware: Rust-Based Innovation and Supply Chain Exploitation
BlackCat (ALPHV) brought Rust programming, triple extortion, and supply chain targeting to the ransomware-as-a-service model, raising the bar for both attackers and defenders.
Costa Rica Conti Ransomware: The First Ransomware Attack to Trigger a National Emergency
The Conti ransomware group attacked Costa Rica's government systems so severely that the president declared a national emergency — the first time a country took such action in response to a cyberattack.
Conti Ransomware Leaks: What the Internal Files Revealed About Supply Chain Tools
When Conti's internal communications leaked in early 2022, they exposed the operational playbook of a top-tier ransomware gang — including how they targeted supply chains.
Kronos Ransomware Attack: When Payroll Systems Go Dark Before the Holidays
A ransomware attack on Ultimate Kronos Group disrupted payroll and workforce management for millions of workers at hospitals, governments, and major employers right before the holiday season.
REvil Ransomware Shutdown: How Law Enforcement Took Down a Ransomware Empire
REvil was one of the most prolific ransomware-as-a-service operations until a coordinated law enforcement takedown dismantled its infrastructure in October 2021.
Accenture LockBit Ransomware Attack: When a Security Consultant Gets Hacked
LockBit ransomware operators breached Accenture, a major global consulting firm, claiming to have stolen 6TB of data and demanding a $50 million ransom.
JBS Foods Ransomware Attack: When Hackers Targeted the World's Meat Supply
REvil ransomware shut down the world's largest meat processor, disrupting supply chains across the US, Australia, and Canada — and resulted in an $11 million ransom payment.
Colonial Pipeline Ransomware Attack: How a Single Password Shut Down America's Fuel Supply
The 2021 Colonial Pipeline attack exposed critical infrastructure vulnerabilities when a compromised VPN password led to a $4.4 million ransom and fuel shortages across the Eastern United States.