Barracuda reported that 90% of ransomware incidents in 2025 involved attackers exploiting firewalls through unpatched software vulnerabilities or compromised accounts, based on analysis of thousands of real-world security incidents in its Managed XDR Global Threat Report. It also observed that the fastest ransomware case progressed from breach to encryption in three hours, highlighting how quickly attacks can unfold and compress response windows.

The report says attackers often abuse legitimate IT tools such as remote access software, exploit unprotected devices, and take advantage of weaknesses such as outdated encryption, disabled endpoint security, and unusual login or privileged-access behavior. It found that one in ten detected vulnerabilities had a known exploit, and flagged CVE-2013-2566—linked to an outdated encryption algorithm—as one of the most commonly detected issues, indicating persistent exposure in legacy systems and embedded devices.

Barracuda also noted that lateral movement is a strong indicator of escalation: 96% of incidents involving lateral movement ended with ransomware deployment. Supply-chain and third-party exposure was another recurring theme, with 66% of incidents involving a third party or supply chain component, up from 45% in 2024.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!