Safeguard
Tag

ransomware

Safeguard articles tagged "ransomware" — guides, analysis, and best practices for software supply chain and application security.

91 articles

Incident Analysis

MGM Resorts and Caesars Hit by Scattered Spider: Social Engineering at Scale

In September 2023, the Scattered Spider hacking group crippled MGM Resorts and extorted Caesars Entertainment through phone-based social engineering, exposing how human vulnerabilities can bypass even the most expensive security stacks.

Sep 14, 20238 min read
Ransomware

The Ransomware Payment Ban Debate: Arguments, Evidence, and Unintended Consequences

Should governments ban ransomware payments? The debate intensified through 2023 as attacks escalated, with strong arguments on both sides and no clear consensus.

Aug 28, 20237 min read
Ransomware

Clop Ransomware and the MOVEit Campaign: Mass Exploitation at Scale

Clop's exploitation of MOVEit Transfer compromised over 2,500 organizations in one campaign, demonstrating a shift from traditional ransomware to mass vulnerability exploitation.

Jul 5, 20237 min read
Ransomware

Double Extortion Ransomware: How Data Theft Changed the Game

Double extortion transformed ransomware from a reversible nuisance into an irreversible data breach. The evolution from encryption-only to data theft fundamentally changed the threat model.

May 15, 20238 min read
Vulnerability Analysis

PaperCut CVE-2023-27350: When Print Management Software Becomes a Ransomware Gateway

CVE-2023-27350 in PaperCut NG/MF allowed unauthenticated RCE through the print management server. Cl0p and LockBit ransomware groups jumped on it within days.

Apr 19, 20236 min read
Incident Analysis

GoAnywhere MFT Zero-Day (CVE-2023-0669): Clop Ransomware's File Transfer Rampage

The Clop ransomware gang exploited a pre-auth RCE in GoAnywhere MFT to breach over 130 organizations. The campaign foreshadowed their devastating MOVEit attack months later.

Feb 6, 20236 min read
Ransomware

Royal Ransomware: Why Healthcare Became the Primary Target

Royal ransomware emerged from the ashes of Conti to become one of the most aggressive operations targeting healthcare organizations in 2022 and 2023.

Jan 22, 20237 min read
Ransomware

LockBit 3.0: The Evolution of the World's Most Prolific Ransomware Operation

LockBit 3.0 introduced bug bounties, new extortion tactics, and industrial-scale operations that made it the dominant ransomware group through 2022 and 2023.

Oct 18, 20226 min read
Ransomware

BlackCat/ALPHV Ransomware: Rust-Based Innovation and Supply Chain Exploitation

BlackCat (ALPHV) brought Rust programming, triple extortion, and supply chain targeting to the ransomware-as-a-service model, raising the bar for both attackers and defenders.

Jul 12, 20227 min read
Ransomware

Costa Rica Conti Ransomware: The First Ransomware Attack to Trigger a National Emergency

The Conti ransomware group attacked Costa Rica's government systems so severely that the president declared a national emergency — the first time a country took such action in response to a cyberattack.

Apr 18, 20225 min read
Ransomware

Conti Ransomware Leaks: What the Internal Files Revealed About Supply Chain Tools

When Conti's internal communications leaked in early 2022, they exposed the operational playbook of a top-tier ransomware gang — including how they targeted supply chains.

Mar 2, 20227 min read
Ransomware

Kronos Ransomware Attack: When Payroll Systems Go Dark Before the Holidays

A ransomware attack on Ultimate Kronos Group disrupted payroll and workforce management for millions of workers at hospitals, governments, and major employers right before the holiday season.

Dec 14, 20215 min read
ransomware (Page 7) — Safeguard Blog