Safeguard
Tag

ransomware

Safeguard articles tagged "ransomware" — guides, analysis, and best practices for software supply chain and application security.

91 articles

Vulnerability Analysis

The Kaseya VSA Ransomware Attack Explained

A deep dive into the 2021 Kaseya VSA supply chain ransomware attack: the CVE chain, CVSS/KEV context, full timeline, and remediation steps.

Feb 10, 20268 min read
Threat Intelligence

Lazarus Group: 3CX and Software Builds

Lazarus turned a developer's personal machine into a corporate build-system compromise. Here is how that cascade actually worked and what it teaches about build-system trust.

Feb 6, 20267 min read
Threat Intelligence

RansomHub Ransomware and EDR Bypass (2024)

RansomHub absorbed affiliates displaced by BlackCat and ran one of the most prolific extortion operations of 2024. Here is what made its tradecraft effective and how to counter it.

Feb 2, 20267 min read
Threat Intelligence

Scattered Spider: Identity as Supply Chain 2024-25

Scattered Spider showed that help-desk processes, SaaS federation, and MSPs are the new software supply chain. Here is how to think about it and what to actually change.

Jan 30, 20267 min read
Threat Intelligence

Clop/Cl0p Supply Chain Exploitation Patterns

Clop has industrialized third-party file-transfer exploitation. Here is how the group operates, what it keeps repeating, and how defenders can stop repeating their own mistakes.

Jan 23, 20266 min read
Incident Analysis

Synnovis NHS Qilin Ransomware: Pathology Supply Chain Lessons

Eighteen months after Qilin encrypted Synnovis, the pathology provider finally finished notifying NHS trusts. We unpack how a single supplier paralysed London hospitals and how defenders can prepare.

Jan 9, 20267 min read
Incident Analysis

MGM Ransomware One Year Later: A Retrospective

A 2025 retrospective on the September 2023 MGM Resorts ransomware incident, what changed, what stalled, and how supply chain defenders should adjust.

Jul 11, 20254 min read
Incident Analysis

Kettering Health Interlock Ransomware: A 14-Hospital System Goes Dark

On May 20, 2025, Interlock ransomware encrypted Kettering Health across 14 Ohio hospitals. The actor sat in the network for 41 days before encryption. We unpack the dwell time and the recovery.

Jul 8, 20257 min read
Vulnerability Response

CVE-2025-23121 in Veeam Backup & Replication: Patch Posture & SBOM Response

Veeam B&R authenticated RCE on the backup server scored CVSS 9.9. Backup infrastructure cannot be a soft underbelly. Here is the defender playbook.

Jun 18, 20257 min read
Incident Analysis

Hitachi Vantara Akira Ransomware: When the Recovery Vendor Goes Down

Akira ransomware forced Hitachi Vantara to take its own servers offline on April 26, 2025. We trace the attack pattern and the implications when an enterprise data-recovery provider becomes the incident.

May 8, 20257 min read
Breach Analysis

Harrods Cyber Attack: The UK Retail Sector Under Sustained Assault

Harrods became the third major UK retailer hit by cyber attacks in weeks, following M&S and Co-op. The pattern points to coordinated campaigns targeting retail.

May 1, 20256 min read
Breach Analysis

Marks & Spencer DragonForce Ransomware Attack: Retail Giant Brought to Its Knees

The April 2025 ransomware attack on M&S disrupted online orders for weeks, wiped out hundreds of millions in market value, and exposed retail sector vulnerabilities.

Apr 22, 20256 min read
ransomware (Page 3) — Safeguard Blog