ransomware
Safeguard articles tagged "ransomware" — guides, analysis, and best practices for software supply chain and application security.
91 articles
Play Ransomware: Supply Chain Exploitation Through Managed Service Providers
Play ransomware refined the MSP attack model, exploiting FortiOS and RDP vulnerabilities to cascade through managed service providers into hundreds of downstream organizations.
Medusa Ransomware: How Supply Chain Infiltration Became Their Signature Move
Medusa ransomware operators have refined a playbook that targets managed service providers and software vendors as stepping stones into hundreds of downstream victims.
Fog Ransomware: Why Schools and Universities Are Under Siege
Fog ransomware has carved a niche by targeting educational institutions — organizations with tight budgets, thin security teams, and massive attack surfaces. Here is how they operate.
Ransomware-as-a-Service in 2024: The Ecosystem That Won't Die
The RaaS ecosystem proved resilient through 2024 despite major law enforcement takedowns, with new groups filling every gap and affiliate models becoming more sophisticated.
Qilin Ransomware and the Chrome Credential Harvesting Gambit
Qilin ransomware operators pioneered a mass credential theft technique using Group Policy to extract saved Chrome browser credentials across entire domains.
INC Ransom: Inside the Group Targeting Healthcare Infrastructure
INC Ransom has made healthcare a primary target, exploiting the sector's unique vulnerabilities and urgency. A deep dive into their operations and what healthcare security teams should prioritize.
SonicWall SSL VPN CVE-2024-40766: Ransomware's Favorite Front Door
CVE-2024-40766 in SonicWall SonicOS became an immediate target for Akira and Fog ransomware groups, highlighting the ongoing risk of VPN appliance vulnerabilities.
Rhysida Ransomware: Systematic Targeting of Government and Critical Infrastructure
Rhysida ransomware distinguished itself through deliberate targeting of government agencies, education institutions, and healthcare organizations across multiple countries.
VMware ESXi Under Siege: Ransomware Campaigns Targeting Hypervisors in 2024
Ransomware groups increasingly target VMware ESXi hypervisors to encrypt entire virtual environments at once. The 2024 campaigns exploited known and zero-day vulnerabilities for maximum impact.
Clop: Supply Chain Exploitation Tradecraft
Clop has turned supply chain exploitation into a repeatable playbook — MOVEit, GoAnywhere, Cleo. A look at the tradecraft that makes the campaign work.
Malware Types: A Practitioner's Taxonomy
A reference list of all malware types by how they spread and what they do — worms, trojans, ransomware, rootkits, and the rest — because knowing the category tells you what defense actually stops it.
Conti Ransomware Supply Chain Patterns
Before Conti splintered in 2022, its affiliates turned MSPs, RMM tools, and identity infrastructure into repeatable supply chain attack paths.