Exploited Security Flaws Behind Most Ransomware Attacks
A new global report has revealed that most ransomware attacks on companies are happening because of exploited vulnerabilities. These are weaknesses in a company’s computer systems that hackers can break into, like unlocked doors.
According to the State of Ransomware 2025 report, 32% of successful ransomware attacks came from hackers taking advantage of these flaws. This is the third year in a row that this method has been the most common way for ransomware attacks to begin.
The report is based on answers from 3,400 IT and cybersecurity professionals across 17 countries. It gives a close look into how cybercriminals are attacking and how much damage they’re doing to businesses all over the world.
Even though there are signs that companies are getting better at fighting back, ransomware is still costing organizations a lot of money. The average cost to recover from an attack was $1.53 million—and that doesn’t even include the ransom money some companies paid to the attackers.
Attackers Are Using Multi-Step Methods
The report shows that today’s ransomware attackers are more organized and smarter than ever before. They start by looking for systems connected to the internet that have not been updated or fixed—especially web applications, remote desktop tools, and VPN systems.
Once they find a way in, they don’t attack right away. First, they watch and learn. They move around inside the company’s computer system, figure out where the important data is, and prepare carefully.
Then they use encryption—locking up the data so it can’t be used unless a ransom is paid. But in 2025, only 50% of ransomware attacks ended with the data being encrypted, compared to 70% in 2024. This drop means some companies are now better prepared to block the attackers before they can lock up files.
₹1,087 Crore Lost to UPI Frauds Triggers Action By RBI and NPCI
Still, hackers are finding ways to stick around longer. They create backdoor accounts, install special remote tools to control systems, and change computer settings to stay hidden. This makes it hard for companies to kick them out, even after the weak spots are patched.
Big companies are especially at risk. The report says organizations with 3,001 to 5,000 employees had the highest rates of data encryption, reaching 65%. Meanwhile, smaller businesses were better at containing the damage, possibly because their systems are simpler or easier to secure.
Unknown Gaps Make Companies Easy Targets
The report found that technical issues alone don’t explain the full picture. Most victims had more than one problem that helped the attack succeed. On average, there were 2.7 different issues involved in each successful ransomware event.
The most common issue was a lack of cybersecurity skills inside the company. Around 40.2% of the victims said their teams didn’t have enough knowledge to stop the attack. Another 40.1% admitted they had security gaps they didn’t even know about, and 39.4% said they didn’t have enough staff to manage cybersecurity properly.
These problems create perfect conditions for attackers. When companies don’t have trained people, or they don’t know where their weak spots are, hackers have an easier time sneaking in.
Lazarus Rises Again: $4.2 Million Crypto Stolen in NFT Scam and Solana-to-Ethereum Swindle
Even though the average ransom paid dropped to $1,324,439 in 2025, the total cost of the attack is still huge. This includes fixing broken systems, pausing operations, and working to get everything back to normal.
In many cases, paying the ransom is only a small part of the cost. The real damage comes from the time and effort it takes to clean up after the attack. That’s why many experts say it’s better to prevent attacks than to react to them afterward.
The report clearly shows how dangerous exploited vulnerabilities can be. And it highlights how a mix of technical problems and human challenges is helping ransomware continue to spread in the business world.
