Firewalls Exploited in 90% of Ransomware Incidents: Cybersecurity Vulnerabilities Exposed
Ransomware Incidents Originate from Compromised Firewalls
A recent report from Barracuda has shed light on the critical role firewalls play in ransomware incidents. The Barracuda Managed XDR Global Threat Report, which analyzed over two trillion IT data points, revealed that a staggering 90% of all ransomware incidents in 2025 originated from compromised firewall instances. This finding aligns with other research, such as Sophos’ discovery that network edge devices, including firewalls, account for nearly 30% of initial compromises.
Growing Threat Landscape
The report also highlighted an expanding threat landscape, with the number of active ransomware groups reaching unprecedented levels in 2025. Victim growth has doubled since 2024, with notable incidents involving SonicWall firewall appliances and the Akira ransomware group, which impacted dozens of organizations.
The exploitation of firewalls by cybercriminals is a concerning trend, as these devices are designed to be the first line of defense against external threats. When compromised, firewalls can provide attackers with a foothold into the network, allowing them to move laterally and ultimately deploy ransomware.
Prevention and Mitigation Strategies
The report’s findings emphasize the need for organizations to prioritize firewall security and implement robust measures to prevent compromise. This includes regularly updating firewall software, implementing strict access controls, and monitoring network traffic for suspicious activity.
Recent Ransomware Incidents
In related news, the Cheyenne and Arapaho Tribes government in Oklahoma has been extorted by the Rhysida ransomware gang, which is demanding 10 bitcoin, or nearly $660,000, following a ransomware intrusion that disrupted the tribe’s schools and critical systems. This incident highlights the devastating impact of ransomware on organizations and the need for effective prevention and mitigation strategies.
New Phishing Kits and Malware
The growing threat of ransomware has also led to the development of new phishing kits, such as the Starkiller kit, which exploits legitimate login pages of popular platforms, including Microsoft, Google, and Apple. This kit is designed to steal user credentials, which can be used to gain unauthorized access to networks and deploy ransomware.
Furthermore, the Remcos RAT malware has been updated with new features, including real-time surveillance and keystroke transmission capabilities, as well as increased stealth via modular DLL plugins and encrypted command-and-control channels. This malware has been widely used by attackers and poses a significant threat to organizations.
Staying Informed and Adapting Security Strategies
As the threat landscape continues to evolve, it is essential for organizations to stay informed and adapt their security strategies to prevent and mitigate ransomware attacks. This includes implementing robust security measures, such as regular software updates, strict access controls, and network monitoring, as well as developing effective incident response plans to minimize the impact of an attack.
