90% of ransomware exploited firewalls in 2025: Barracuda Report

Barracuda Networks has revealed that 90% of ransomware incidents in 2025 exploited firewalls through unpatched software or vulnerable accounts, underscoring the growing risks tied to misconfigured and outdated security infrastructure. The findings are detailed in the Barracuda Managed XDR Global Threat Report, based on analysis of thousands of real-world security incidents.

The report highlights how attackers are increasingly leveraging legitimate IT tools such as remote access software, exploiting supply chain vulnerabilities, and targeting unprotected endpoints to bypass traditional defences. Alarmingly, the fastest ransomware case observed, linked to Akira ransomware, progressed from breach to encryption in just three hours, leaving minimal response time for defenders.

Key Cybersecurity Findings from 2025

• 90% of ransomware attacks exploited firewall vulnerabilities, often through a CVE (Common Vulnerabilities and Exposures) or compromised account credentials.

• Fastest ransomware timeline: 3 hours, demonstrating compressed attack windows.

• 10% of detected vulnerabilities had known exploits, showing active weaponisation of software flaws.

• CVE-2013-2566, a vulnerability dating back to 2013 tied to outdated encryption algorithms, remains widely detected in legacy systems.

• 96% of lateral movement incidents ended in ransomware deployment, marking lateral movement as a critical red flag.

• 66% of incidents involved third-party or supply chain vectors, up from 45% in 2024.

The findings are drawn from Barracuda Managed XDR’s dataset of over two trillion IT events in 2025, nearly 600,000 security alerts, and more than 300,000 protected endpoints, firewalls, servers and cloud assets globally.

Supply Chain and Legacy Systems: Growing Risk Factors

The sharp increase in supply chain-related incidents highlights the expanding attack surface created by interconnected ecosystems. Attackers are actively exploiting vulnerabilities in third-party software to infiltrate enterprise networks.

Additionally, outdated encryption and legacy infrastructure remain significant weak points. The continued presence of CVE-2013-2566 in enterprise environments demonstrates the risks associated with unpatched systems and embedded legacy applications.

Expert Insight

Merium Khalid, Director, SOC Offensive Security at Barracuda, noted that many organisations remain vulnerable due to overlooked risks such as rogue devices, inactive user accounts, dormant applications and misconfigured security settings. She emphasised that attackers only need a single weakness to succeed.

The report advocates for integrated, AI-powered and autonomous security solutions to enhance visibility, detect anomalous login behaviour, prevent lateral movement and protect identities and critical assets in real time.

Read More:

Cisco 360 Partner Program and Cloud-AI enterprise transformation

Lenovo AI channel strategy: How Lenovo 360 is transforming partner growth in the AI era

AI PCs and the channel shift: Hype to reality