Barracuda Report Reveals 90 percent of Ransomware Attacks Exploit Firewall Vulnerabilities

Feb. 26: Barracuda Networks, Inc., a leading cybersecurity company providing complete protection against complex threats for all size business, has released data showing that 90% of ransomware incidents in 2025 exploited firewalls through unpatched software or a vulnerable account. The fastest ransomware case observed took just three hours to progress from breach to encryption. The findings are detailed in the Barracuda Managed XDR Global Threat Report, which shows how attackers target organizations and the security gaps putting systems at risk.

Drawn from thousands of real-world security incidents, the findings show how attackers exploit legitimate IT tools such as remote access software and leverage unprotected devices. They also reveal the risks of outdated encryption, disabled endpoint security and more, and highlight the warning sirens of unusual login or privileged access behaviors.

Key findings

• 90% of ransomware incidents exploited firewalls through a CVE (a classified software vulnerability) or vulnerable account. Attackers can use this to gain access and control over the network and bypass its protection, hiding malicious traffic and activity.
• The fastest ransomware case observed involved Akira ransomware and took just three hours from breach to encryption. Such compressed timelines can leave defenders with minimal opportunity to detect and respond.
• One in 10 detected vulnerabilities had a known exploit. Attackers are actively weaponizing software bugs, often in the supply chain — and the importance of identifying and addressing unpatched software cannot be overstated.
• The most widely detected vulnerability dates to 2013.CVE-2013-2566 is a flaw in an outdated encryption algorithm that can be found in legacy systems such as old servers or embedded devices or applications.
• 96% of incidents involving lateral movement ended with the release of ransomware. Lateral movement marks the moment when attackers hiding on an unprotected endpoint break cover, and it represents the biggest red flag of an unfolding ransomware attack.
• 66% of incidents involved the supply chain or a third party (up from 45% in 2024) as attackers exploit weaknesses in third-party software to breach defenses and extend their reach.

The report includes practical steps that organizations and the managed service providers that support them can take to address and reduce risk.

“Organizations and their security teams — especially if that ‘team’ is a single IT professional — face an immense challenge. With limited resources and fragmented security tools, they must safeguard identities, assets and data from an evolving threat landscape and attacks that can unfold in a matter of hours,” said Merium Khalid, Director, SOC Offensive Security at Barracuda. “What makes targets vulnerable is often easy to overlook — a single rogue device, an account that wasn’t disabled when someone left, a dormant application that hasn’t been updated, or a misconfigured security feature. Attackers only need to find one to succeed. An integrated, AI-powered and autonomous security solution with the management and support taken care of by experts can make all the difference.”

The findings detailed in the report are based on Barracuda Managed XDR’s vast dataset of more than two trillion IT events collected during 2025, nearly 600,000 security alerts and more than 300,000 protected endpoints, firewalls, servers, cloud assets, and more.