Thursday, May 8, 2025

Ransomware Attacks Via Unpatched Vulnerabilities Are Brutal: New Survey


Adversaries gain access for ransomware attacks by using stolen credentials or exploiting software vulnerabilities, and the initial infection method shapes the impact of the attack.

The study surveyed IT professionals in small and mid-sized businesses hit by ransomware within the last year. 

It found that exploited vulnerabilities often lead to more severe attacks with higher costs, while compromised credentials might result in less damaging infections. It also identified the industries most impacted by these different entry points.


Ransomware attacks that take advantage of unpatched vulnerabilities are more damaging than attacks that use stolen credentials.

Organizations hit by these attacks experienced higher rates of compromised backups, encrypted data, and ransom payments, which incurred significantly higher recovery costs and longer recovery times. 

While the reasons are not fully understood, the findings suggest that attackers exploiting vulnerabilities may be more skilled, leading to a more comprehensive compromise. They also highlight the importance of patching software to mitigate ransomware risks.

Ransomware Attacks Via Unpatched Vulnerabilities

Nearly a third of ransomware attacks exploit unpatched vulnerabilities, with the percentage varying by industry. Energy, oil, and gas are hit hardest (49% of attacks), likely due to reliance on older, more vulnerable technologies with limited patching options.

Percentage of ransomware attacks that started with exploited vulnerability

Even when patches exist, over half (55%) of recent attacks involved known vulnerabilities like ProxyShell and Log4Shell. The risk of attacks also increases with organizational size, as complex IT environments with a larger attack surface become harder to manage and patch effectively.

An analysis by Sophos shows that ransomware attacks exploiting vulnerabilities are more damaging than those using stolen credentials.

The vulnerability exploit method resulted in worse outcomes in all three aspects – compromising backups, encrypting data, and receiving ransom payments. 

Attackers are just as likely to target backups in both methods but succeed more often (75% vs. 54%) when exploiting vulnerabilities, suggesting either higher attacker skill or weaker backup protection. 

Data encryption also rises significantly (67% vs. 43%) with vulnerability exploits, possibly due to attacker skill or overall weaker defenses. Organizations with encrypted data are more likely to pay the ransom (71% vs. 45%) when backups are compromised, highlighting the pressure to recover critical data.

Ransomware attacks exploiting unpatched vulnerabilities were also found to be significantly more expensive and disruptive than those using stolen credentials.

While ransom amounts were similar, organizations were much less likely to have to pay the full ransom themselves when compromised credentials were the entry point. 

Full recovery took significantly longer (over a month for 45% of victims) and cost four times more ($3 million vs. $750K) when vulnerabilities were exploited, likely because patching vulnerabilities and restoring damaged systems are more complex than resetting compromised credentials.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
