ransomware
Safeguard articles tagged "ransomware" — guides, analysis, and best practices for software supply chain and application security.
91 articles
The Kaseya VSA Ransomware Attack Explained
A deep dive into the 2021 Kaseya VSA supply chain ransomware attack: the CVE chain, CVSS/KEV context, full timeline, and remediation steps.
Lazarus Group: 3CX and Software Builds
Lazarus turned a developer's personal machine into a corporate build-system compromise. Here is how that cascade actually worked and what it teaches about build-system trust.
RansomHub Ransomware and EDR Bypass (2024)
RansomHub absorbed affiliates displaced by BlackCat and ran one of the most prolific extortion operations of 2024. Here is what made its tradecraft effective and how to counter it.
Scattered Spider: Identity as Supply Chain 2024-25
Scattered Spider showed that help-desk processes, SaaS federation, and MSPs are the new software supply chain. Here is how to think about it and what to actually change.
Clop/Cl0p Supply Chain Exploitation Patterns
Clop has industrialized third-party file-transfer exploitation. Here is how the group operates, what it keeps repeating, and how defenders can stop repeating their own mistakes.
Synnovis NHS Qilin Ransomware: Pathology Supply Chain Lessons
Eighteen months after Qilin encrypted Synnovis, the pathology provider finally finished notifying NHS trusts. We unpack how a single supplier paralysed London hospitals and how defenders can prepare.
MGM Ransomware One Year Later: A Retrospective
A 2025 retrospective on the September 2023 MGM Resorts ransomware incident, what changed, what stalled, and how supply chain defenders should adjust.
Kettering Health Interlock Ransomware: A 14-Hospital System Goes Dark
On May 20, 2025, Interlock ransomware encrypted Kettering Health across 14 Ohio hospitals. The actor sat in the network for 41 days before encryption. We unpack the dwell time and the recovery.
CVE-2025-23121 in Veeam Backup & Replication: Patch Posture & SBOM Response
Veeam B&R authenticated RCE on the backup server scored CVSS 9.9. Backup infrastructure cannot be a soft underbelly. Here is the defender playbook.
Hitachi Vantara Akira Ransomware: When the Recovery Vendor Goes Down
Akira ransomware forced Hitachi Vantara to take its own servers offline on April 26, 2025. We trace the attack pattern and the implications when an enterprise data-recovery provider becomes the incident.
Harrods Cyber Attack: The UK Retail Sector Under Sustained Assault
Harrods became the third major UK retailer hit by cyber attacks in weeks, following M&S and Co-op. The pattern points to coordinated campaigns targeting retail.
Marks & Spencer DragonForce Ransomware Attack: Retail Giant Brought to Its Knees
The April 2025 ransomware attack on M&S disrupted online orders for weeks, wiped out hundreds of millions in market value, and exposed retail sector vulnerabilities.