ransomware
Safeguard articles tagged "ransomware" — guides, analysis, and best practices for software supply chain and application security.
91 articles
Scattered Spider 2025: How the Most Dangerous Social Engineering Group Evolved
Scattered Spider adapted its tactics in 2025, moving beyond casino hacks to target retail, healthcare, and manufacturing with increasingly sophisticated social engineering.
Patelco Credit Union RansomHub Attack: 1M Records, $7.25M Settlement
RansomHub maintained access to Patelco Credit Union's network from May 23 to June 29, 2024, ultimately exposing data on over one million members and triggering a $7.25M class settlement.
American Water Cyberattack: Largest U.S. Utility Forced Offline
American Water Works discovered unauthorised network access on October 3, 2024, shutting down its MyWater customer portal and billing systems serving 14 million people across 24 states.
Qilin Ransomware Group: Dissecting a Rising Threat Actor
Qilin has rapidly become one of the most active ransomware operations, targeting healthcare, manufacturing, and critical infrastructure. A technical breakdown of their methods.
Halliburton RansomHub Attack: $35M Loss in Oilfield Services
RansomHub encrypted Halliburton systems on August 21, 2024, exfiltrated proprietary oilfield data, and contributed to a $35M direct response cost disclosed in the company's Q3 10-Q.
CDK Global BlackSuit Ransomware: 15,000 Dealerships Offline for 2 Weeks
BlackSuit ransomware encrypted CDK Global's dealer-management cloud on June 18-19, 2024, crippling roughly 15,000 North American auto dealerships and triggering a reported $25M ransom payment.
UnitedHealth Change Healthcare: 190 Million Update and the Long Tail
In January 2025 UnitedHealth revised the Change Healthcare breach count to 190 million people, the largest HIPAA breach in US history. We unpack what changed and the supply-chain lessons that still apply.
Ascension Health Black Basta Ransomware: 5.6M Patients Impacted
Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.
Medusa Ransomware: How Supply Chain Tactics Fuel a Growing Threat
Medusa ransomware has evolved beyond traditional encryption schemes, leveraging supply chain compromise to infiltrate victims. Here's what defenders need to know.
Fog Ransomware: Why the Education Sector Keeps Getting Hit
Fog ransomware has carved a niche targeting schools and universities, exploiting chronic underfunding and SonicWall VPN vulnerabilities to devastating effect.
Blue Yonder Termite Ransomware: SaaS Supply-Chain Outage in Retail
In November 2024 the Termite ransomware group hit Blue Yonder, taking workforce-management and logistics SaaS offline for Starbucks, Sainsbury's, and Morrisons. We unpack the SaaS supply-chain blast radius.
Port of Seattle Rhysida: Airport Ransomware and the Public-Sector Tail
On August 24, 2024, Rhysida ransomware took down Port of Seattle systems including Sea-Tac airport check-in, baggage, and the Port website. The Port refused a $6 million ransom. We unpack the case.