Ransomware Target: How Secure Is Your Virtual Private Network (VPN)?

Ransomware attacks are on the rise, with a growing number of organizations across a broad spectrum of industries becoming ensnared in its wide-reaching tentacles.

Although cybercriminals continue to exploit vulnerabilities in standard networking and software products, 2024 marked a shift in the line of attack.

Last year, hackers found success with attacks of scalability, targeting easily accessible weaknesses that they could repeatedly hit, such as virtual private network (VPN) accounts, according to a newly released Q4 2024 Cyber Threat Report from insurer Travelers.

The Travelers’ report also found that 55 new ransomware groups emerged in 2024, marking a 67 percent year-over-year jump in the formation of ransomware groups.

A just-released report by insurance provider Coalition backs up the findings.

Most ransomware attacks in 2024 (58 percent) started with hackers gaining a foothold through perimeter security controls like VPNs or firewalls, according to Coalition’s Cyber Threat Index 2025.

In 2024, a total of 5,243 ransomware victims were posted on leak sites (dark web sites used by threat actors for financial gain), reflecting a 15 percent increase from the 4,548 incidents recorded in 2023, the Travelers report revealed.

Globally, these attacks directly led to the loss of $133.5 million in ransoms paid in 2024, and the exposure of more than 195 million records, according to Forbes.

After reading this article, you’ll learn why hackers are now targeting VPN accounts. You’ll also learn ways you can safeguard your network and sensitive information from being compromised or stolen.

What Are Virtual Private Networks (VPNs) And Why Are They Being Targeted?

A VPN creates a secure tunnel between your business devices and server over the public internet, to allow you to share files and other information securely without fear of prying eyes, interference, or theft.

By encrypting the data as it travels across your network, a VPN is meant to protect your organization from malware, phishing schemes, and other cyber threats. A VPN encrypts your browsing history and masks your IP address.

Related Article: What Are The Pillars Of Zero Trust? How Zero Trust Architecture Works

By routing your communication through a remote server, a VPN hides your online location and helps protect your privacy.

Ransomware groups, however, have discovered that VPN weaknesses give them an easier way to gain unauthorized access.

The Travelers’ report indicates that the idea to strategically target widely-used VPNs with weak credentials emerged back in 2023.

It stems from a leaked ransomware access playbook, written by an “initial access broker” (IAB), or a bad actor who specializes in hacking into and selling access to organizations’ IT systems.

A significant part of this new strategy is the emphasis in actively hunting for weak usernames and passwords on VPN and gateway accounts and those that aren’t protected by multi-factor authentication.

Related Article: 8 Hidden Cyber Risks That Might Be Lurking Within Your IT Environment

Stolen user login information is the holy grail of the cybercrime syndicate. These seemingly minor security gaps are a growing way hackers gain a foothold into your systems, allowing them to roam free once inside.

What Hidden VPN Vulnerabilities Are Hackers Targeting?

Ransomware groups are opportunistic. They’re constantly on the prowl for holes within your IT infrastructure as a chance to pounce.

According to the recent insurer reports, exploiting VPN weaknesses has become a key mode of access.

In its latest findings, Coalition reports that across all ransomware claims, hackers were most often successful in gaining initial access through stolen credentials (47 percent) and software exploits (29 percent).

Related Article: Security Keys and Passkeys: How They Protect Your Devices From Threats

VPN vulnerability may seem like an oxymoron. How can something designed to be secure actually lead to a cyber incident?

Some business owners may be lulled by the false belief that VPNs are completely secure. There are a number of ways, however, that VPNs can create security risks.

Some common VPN security flaws include:

Authentication issues

• This is a widespread security vulnerability that is caused when employees use the default usernames and passwords on devices and applications like admin, password, or 123.
  
  
• It can also be caused by using common, easily-guessable passwords

Weak encryption protocols

• When your VPN service is using outdated, insecure, or poorly configured encryption methods, it creates an opening for hackers to intercept your online activity, leaving your sensitive data ripe for exposure.

Domain name system (DNS) leaks

• This major security issue occurs when your employees’ browsing history is unintentionally shared with their internet service provider (ISP) DNS servers, even though it’s supposed to be hidden while using a secure VPN connection.
  
  
• It means that a user’s browsing history and information can be exposed.

Zero day vulnerabilities

• These attacks target your VPN service provider to exploit an emerging security weakness before a fix is available.
  
  
• Businesses rely on dependable VPNs for maximum uptime and network security, but hackers can take advantage of weaknesses to launch zero day attacks.

Remote access VPNs and mobile access

• Remote access VPNs allow employees to securely connect to your company server from anywhere after proper authentication.
  
  
• Mobile access refers to your employees using mobile devices such as laptops, tablets, or cell phones to access your network.
  
  
• Both methods of access can lead to security breaches if there are weaknesses within them.

Why You Shouldn’t Ignore The Rising Incidence Of Ransomware Attacks

Global ransomware damage (including against individuals and businesses) is expected to top $265 billion and strike a business, consumer, or device every two seconds by 2031, according to Cybersecurity Ventures’ Cybercrime Magazine.

Ransomware is often the method of choice for hackers because it preys on victims’ desperation to regain control of their compromised data and systems.

They can deal a catastrophic blow to businesses that pay the ransom, and cause other harm, including reputational damage, customer loss, legal issues, and revenue loss.

Paying the ransom doesn’t guarantee your business will be in the clear either.

Twenty-four percent of companies that paid the ransom still couldn’t recover their data following a ransomware attack, according to Veeam, a data backup and disaster recovery software vendor.

Protecting Your Business Against Ransomware Attacks

With increased funding and technology resources, including artificial intelligence (AI) tools, these malicious actors have been able to carry out a growing number of stealth ransomware attacks with increasing sophistication.

Related Article: Deepfakes And AI Scams: How To Spot Them And Protect Your Business

This means that business must do all they can to stay ahead of potential cyber threats. This includes conducting a risk assessment to uncover hidden vulnerabilities, identifying their assets, performing a gap analysis, and shoring up any weaknesses found within their organization.

Developing strong VPN access control measures will help keep a watchful eye on suspicious traffic to mitigate the chances of bad actors gaining unauthorized access to your data and systems using malware, phishing scams, or other cyberattack.

13 Ways To Help Ensure VPN Security For Your Business:

1. Choose a trustworthy provider

• When it comes to VPN security, the first step is doing your research and choosing a reliable and reputable VPN service provider.

2. Identify assets and users

• Take inventory of your users and VPN devices to establish proper authentication and access controls for identified devices and employees.

3. Develop an access policy

• Once you’ve identified and categorized your assets, key stakeholders, and users, you can establish and implement VPN access control policies for your organization based on your business needs and available IT resources.

4. Define VPN connection parameters

• Establish the VPN connection settings and credentials necessary to secure the connection between your devices and VPN server, including the VPN server address, encryption protocol, bandwidth limit, port number, session duration, and authentication credentials, among other settings.
  
  
• These VPN connection parameters help safeguard your data while in transit.

5. Establish strong access controls

• Set up the VPN access control rules needed to ensure secure communication between your employees, customers, vendors, partners, and others.
  
  
• These controls should cover such key factors as: which devices and users are allowed access to certain information; the ports, services, applications, and protocols that are allowed; as well as any IP addresses that you want to block.

6. Ensure data encryption

• Ensure that your VPN provider uses strong data encryption to prevent your sensitive information and web traffic from being spied on or intercepted.

7. Use multi-factor authentication

• Use multi-factor authentication (MFA) or two-factor authentication (2FA) as part of your robust access control measures for an extra layer of protection.

8. Assess VPN activity

• Regularly monitor and evaluate your VPN activity, performance, and security incidents in order to properly assess the health and effectiveness of your VPN access controls.

9. Enable software updates

• Allow automatic software updates to ensure you’re using the latest version, including critical security patches for any new and emerging vulnerabilities that are discovered.

10. Implement intrusion detection system (IDS)

• An IDS is key to network security because it continually scans your network traffic and devices for abnormal or malicious activity, then sends an alert to your security team for further evaluation.

11. Adopt next-generation firewalls

• Modern firewalls help protect your systems against unauthorized intrusion and malicious traffic by examining incoming and outgoing traffic. They use pre-set security parameters to block potentially harmful activity.

12. Install antivirus and anti-malware software

• Advanced anti-virus tools can identify, block, and remove suspicious files.
  
  
• Anti-malware software continuously scans your devices in the background to check for malicious files or programs. They can defend before, contain during, and help remediate after a cyber incident.
  
  
• Implement an automatic update schedule to ensure that your antivirus and anti-malware software stays up to date.

13. Provide employee training 

• Educate your employees on your VPN policies and procedures so they know what to do and what not to do when it comes to using your VPN, whether working on site or remotely.
  
  
• Provide employee cybersecurity awareness training, which should include monthly learning modules, phishing simulations, and best practices education like using strong passwords.

The Bottom Line With Protecting Your Organization's VPN Security

After reading this article, you now understand why some cybercriminals have shifted away from mass compromise attacks in favor of smaller-scale events that they can perform again and again.

These backdoor work-arounds allow cybercriminals to gain initial access to your systems, such as through your VPN devices, then launch repeated attacks.

While ransomware may be a growing threat, as we've shown above, you can still implement strong security measures to strengthen your defenses against cyber predators to keep your sensitive information out of the wrong hands.

If you’re not sure if your business has the IT support and resources necessary to stay ahead of ransomware and the rapidly changing cyber threat landscape, click the button to get your free, managed IT support services checklist.

If you don’t already have an internal team with the know-how and bandwidth to evaluate your existing cybersecurity posture and implement the right solutions to keep your business safe, then you may be considering partnering with a managed IT service provider (MSP).

If so, as always, we strongly encourage you to do your due diligence to research several MSPs in your area to find the right provider for your business.

If you’re ready to take the next step to begin a conversation about managed IT support, click the button and fill out the short form. We’ll get in touch quickly for a brief chat to learn more about your cybersecurity and IT challenges to see how we can help you solve them.