Safeguard
Tag

ransomware

Safeguard articles tagged "ransomware" — guides, analysis, and best practices for software supply chain and application security.

91 articles

Ransomware

Play Ransomware: Supply Chain Exploitation Through Managed Service Providers

Play ransomware refined the MSP attack model, exploiting FortiOS and RDP vulnerabilities to cascade through managed service providers into hundreds of downstream organizations.

Nov 15, 20247 min read
Ransomware

Medusa Ransomware: How Supply Chain Infiltration Became Their Signature Move

Medusa ransomware operators have refined a playbook that targets managed service providers and software vendors as stepping stones into hundreds of downstream victims.

Nov 5, 20246 min read
Threat Intelligence

Fog Ransomware: Why Schools and Universities Are Under Siege

Fog ransomware has carved a niche by targeting educational institutions — organizations with tight budgets, thin security teams, and massive attack surfaces. Here is how they operate.

Nov 5, 20246 min read
Ransomware

Ransomware-as-a-Service in 2024: The Ecosystem That Won't Die

The RaaS ecosystem proved resilient through 2024 despite major law enforcement takedowns, with new groups filling every gap and affiliate models becoming more sophisticated.

Sep 22, 20247 min read
Ransomware

Qilin Ransomware and the Chrome Credential Harvesting Gambit

Qilin ransomware operators pioneered a mass credential theft technique using Group Policy to extract saved Chrome browser credentials across entire domains.

Sep 20, 20246 min read
Threat Intelligence

INC Ransom: Inside the Group Targeting Healthcare Infrastructure

INC Ransom has made healthcare a primary target, exploiting the sector's unique vulnerabilities and urgency. A deep dive into their operations and what healthcare security teams should prioritize.

Sep 15, 20246 min read
Vulnerability Analysis

SonicWall SSL VPN CVE-2024-40766: Ransomware's Favorite Front Door

CVE-2024-40766 in SonicWall SonicOS became an immediate target for Akira and Fog ransomware groups, highlighting the ongoing risk of VPN appliance vulnerabilities.

Aug 22, 20246 min read
Ransomware

Rhysida Ransomware: Systematic Targeting of Government and Critical Infrastructure

Rhysida ransomware distinguished itself through deliberate targeting of government agencies, education institutions, and healthcare organizations across multiple countries.

Aug 5, 20247 min read
Threat Intelligence

VMware ESXi Under Siege: Ransomware Campaigns Targeting Hypervisors in 2024

Ransomware groups increasingly target VMware ESXi hypervisors to encrypt entire virtual environments at once. The 2024 campaigns exploited known and zero-day vulnerabilities for maximum impact.

Jul 30, 20247 min read
Industry Analysis

Clop: Supply Chain Exploitation Tradecraft

Clop has turned supply chain exploitation into a repeatable playbook — MOVEit, GoAnywhere, Cleo. A look at the tradecraft that makes the campaign work.

Jun 15, 20246 min read
Security Concepts

Malware Types: A Practitioner's Taxonomy

A reference list of all malware types by how they spread and what they do — worms, trojans, ransomware, rootkits, and the rest — because knowing the category tells you what defense actually stops it.

Apr 22, 20246 min read
Industry Analysis

Conti Ransomware Supply Chain Patterns

Before Conti splintered in 2022, its affiliates turned MSPs, RMM tools, and identity infrastructure into repeatable supply chain attack paths.

Apr 18, 20246 min read
ransomware (Page 5) — Safeguard Blog