Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector

Sophos
Published by: Research Desk
Released: Oct 07, 2024

To deploy a ransomware attack, adversaries must first gain access to a victim’s corporate environment, devices, and data. Threat actors typically use two main approaches to gain entry: logging in using compromised credentials, i.e., legitimate access data that had previously been stolen, and exploiting vulnerabilities in applications and tools used by the business. Other less common modes of entry include brute force attacks, supply chain compromise, malicious emails/documents, and adware. Phishing features heavily in ransomware attacks but is primarily used to steal the credentials later used to log in to the organization.

This report highlights how ransomware outcomes differ depending on the root cause of the attack. It compares the severity, financial cost, and operational impact of attacks that start with an exploited vulnerability with those where adversaries use compromised credentials to penetrate the organization. It also identifies the industry sectors most and least commonly exploited.