Ransomware in 2025: Persistent Threats, Predictable Tactics, and Proactive Defenses
Ransomware remains a pressing concern for businesses in 2025, yet a recent report reveals that the tactics used by cybercriminals have not significantly evolved.
Jenny Holly Hansen
Ransomware remains a pressing concern for businesses in 2025, yet a recent report by Coalition, a cyber insurance and security provider, reveals that the tactics used by cybercriminals have not significantly evolved. While this may be unsettling news for businesses, it presents an opportunity for insurers, brokers, and organizations to take proactive steps against these well-documented threats.
The Most Common Entry Points for Ransomware
Coalition’s Cyber Threat Index 2025 highlights that compromised credentials remain the most common initial attack vector (IAV) in ransomware incidents, accounting for 47% of known cases. Stolen credentials, whether obtained through brute-force password guessing or phishing attacks, typically target virtual private networks (VPNs) and remote desktop products, allowing threat actors privileged access to internal systems.
Brute-force attacks alone accounted for 42% of compromised credentials, with cybercriminals attempting thousands of authentication attempts before successfully breaching a system. Meanwhile, phishing and malware-enabled credential theft were also key contributors, making it difficult for investigators to always pinpoint the exact method of compromise.
Software exploits ranked as the second most commonly known attack vector, with multiple vulnerabilities identified across platforms such as Ivanti, Fortinet, Cisco, Microsoft Exchange Email Server, and open-source Linux web servers. These exploits allow attackers to take advantage of unpatched software flaws to gain access to corporate networks.
Social engineering was the third most common attack vector, often conducted via email. Common tactics used by cybercriminals include:
- Manipulating employees into installing remote access technology.
- Tricking users into clicking malicious links that install malware.
- Impersonating legitimate software to induce accidental malware installation.
- Phishing employees into revealing credentials.
Additional attack vectors included misconfigured cloud environments, Google advertisement-based drive-by-download attacks, and supply chain breaches, all of which provide new avenues for cybercriminals to deploy ransomware.
Technologies Most Exploited in Ransomware Attacks
In 2024, most ransomware claims (58%) resulted from attackers compromising perimeter security appliances such as VPNs and firewalls. These systems serve as the first line of defense for businesses but remain vulnerable to outdated configurations and security gaps.
Remote desktop products—used by IT service providers to access employees’ computers—were the second-most exploited technology at 18%. The same features that make these tools valuable for remote work also allow hackers to gain control over a system, download ransomware, and launch attacks.
Email remained the third most commonly exploited technology, reinforcing the importance of employee education on phishing and social engineering tactics.
The Future of Ransomware Prevention
The Canadian government has officially recognized cyber threats as a national security issue, emphasizing the need for businesses to stay vigilant. However, as Coalition’s report points out, ransomware tactics have not drastically changed.
“While ransomware is a serious concern for all businesses, these insights demonstrate that threat actors’ ransomware playbook hasn’t evolved all that much—they’re still going after the same tried and true technologies with many of the same methods,” said Alok Ojha, Coalition’s head of products and security.
This lack of innovation in cybercriminal methods means that businesses can develop a predictable and effective defense strategy. Organizations should prioritize mitigating the riskiest security issues first, including:
- Continuous attack surface monitoring to detect vulnerabilities.
- Employee education on social engineering and phishing tactics.
- Implementation of 24/7 system monitoring to identify suspicious activity.
- Regular patching and updates to prevent software exploits.
Challenges Ahead for Businesses
Despite available solutions, small-to-medium-sized businesses (SMBs) often lack the resources to implement comprehensive cybersecurity strategies. With an estimated 45,000 new software vulnerabilities expected to be published in 2025, companies will face increasing challenges in keeping their systems secure.
A structural shift is needed in how software vendors handle security. Coalition predicts that the insurance industry will lead initiatives that push vendors to take greater responsibility for securing their products. However, these changes will take time to implement.
In the meantime, businesses must remain proactive. By understanding how ransomware attacks are conducted and where vulnerabilities lie, organizations can significantly reduce their risk. Investing in cybersecurity now is essential to staying protected in an increasingly digital world.
_______________________________________________________
Jenny is a business insurance broker with Waypoint Insurance. She can be reached at 604-317-6755 or jhansen@waypoint.ca. Connect with Jenny on LinkedIn at https://www.linkedin.com/in/jenny-holly-hansen-365b691b/. Connect with Jenny at BlueSky: https://bsky.app/profile/jennyhollyhansen.bsky.social
Jenny Holly Hansen is a cohost with Chris Sturges of the Langley Impact Networking Group. You are welcome to join us on Thursday’s from 4pm to 6pm at: Sidebar Bar and Grill: 100b - 20018 83A Avenue, Langley, BC V2Y 3R4
Tags: #Jenny Holly Hansen # Ransomware #Cyber Security #Initial Attack Vector (IAV) #Social Engineering #Phishing Attacks
Members Discussion