Safeguard
Tag

ransomware

Safeguard articles tagged "ransomware" — guides, analysis, and best practices for software supply chain and application security.

91 articles

Threat Intelligence

Scattered Spider 2025: How the Most Dangerous Social Engineering Group Evolved

Scattered Spider adapted its tactics in 2025, moving beyond casino hacks to target retail, healthcare, and manufacturing with increasingly sophisticated social engineering.

Mar 20, 20257 min read
Incident Analysis

Patelco Credit Union RansomHub Attack: 1M Records, $7.25M Settlement

RansomHub maintained access to Patelco Credit Union's network from May 23 to June 29, 2024, ultimately exposing data on over one million members and triggering a $7.25M class settlement.

Mar 5, 20256 min read
Incident Analysis

American Water Cyberattack: Largest U.S. Utility Forced Offline

American Water Works discovered unauthorised network access on October 3, 2024, shutting down its MyWater customer portal and billing systems serving 14 million people across 24 states.

Feb 26, 20256 min read
Threat Intelligence

Qilin Ransomware Group: Dissecting a Rising Threat Actor

Qilin has rapidly become one of the most active ransomware operations, targeting healthcare, manufacturing, and critical infrastructure. A technical breakdown of their methods.

Feb 20, 20255 min read
Incident Analysis

Halliburton RansomHub Attack: $35M Loss in Oilfield Services

RansomHub encrypted Halliburton systems on August 21, 2024, exfiltrated proprietary oilfield data, and contributed to a $35M direct response cost disclosed in the company's Q3 10-Q.

Feb 19, 20256 min read
Incident Analysis

CDK Global BlackSuit Ransomware: 15,000 Dealerships Offline for 2 Weeks

BlackSuit ransomware encrypted CDK Global's dealer-management cloud on June 18-19, 2024, crippling roughly 15,000 North American auto dealerships and triggering a reported $25M ransom payment.

Feb 4, 20256 min read
Incident Analysis

UnitedHealth Change Healthcare: 190 Million Update and the Long Tail

In January 2025 UnitedHealth revised the Change Healthcare breach count to 190 million people, the largest HIPAA breach in US history. We unpack what changed and the supply-chain lessons that still apply.

Feb 4, 20257 min read
Incident Analysis

Ascension Health Black Basta Ransomware: 5.6M Patients Impacted

Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.

Jan 22, 20256 min read
Threat Intelligence

Medusa Ransomware: How Supply Chain Tactics Fuel a Growing Threat

Medusa ransomware has evolved beyond traditional encryption schemes, leveraging supply chain compromise to infiltrate victims. Here's what defenders need to know.

Jan 15, 20256 min read
Ransomware

Fog Ransomware: Why the Education Sector Keeps Getting Hit

Fog ransomware has carved a niche targeting schools and universities, exploiting chronic underfunding and SonicWall VPN vulnerabilities to devastating effect.

Jan 14, 20256 min read
Incident Analysis

Blue Yonder Termite Ransomware: SaaS Supply-Chain Outage in Retail

In November 2024 the Termite ransomware group hit Blue Yonder, taking workforce-management and logistics SaaS offline for Starbucks, Sainsbury's, and Morrisons. We unpack the SaaS supply-chain blast radius.

Dec 19, 20247 min read
Incident Analysis

Port of Seattle Rhysida: Airport Ransomware and the Public-Sector Tail

On August 24, 2024, Rhysida ransomware took down Port of Seattle systems including Sea-Tac airport check-in, baggage, and the Port website. The Port refused a $6 million ransom. We unpack the case.

Dec 5, 20247 min read
ransomware (Page 4) — Safeguard Blog