Ransomware attacks are on the rise, with a growing number of organizations across a broad spectrum of industries becoming ensnared in their wide-reaching tentacles.
Although cybercriminals continue to exploit vulnerabilities in standard networking and software products, 2024 marked a shift in the line of attack.
Last year, hackers found success with scalable attacks, targeting easily accessible weaknesses that they could hit repeatedly, such as virtual private network (VPN) accounts, according to a newly released Q4 2024 Cyber Threat Report from insurer Travelers.
The Travelers report also found that 55 new ransomware groups emerged in 2024, marking a 67 percent year-over-year jump in the formation of ransomware groups.
A just-released report by insurance provider Coalition backs up the findings.
Most ransomware attacks in 2024 (58 percent) started with hackers gaining a foothold through perimeter security controls like VPNs or firewalls, according to Coalition’s Cyber Threat Index 2025.
In 2024, a total of 5,243 ransomware victims were posted on leak sites (dark web sites used by threat actors for financial gain), reflecting a 15 percent increase from the 4,548 incidents recorded in 2023, the Travelers report revealed.
Globally, these attacks directly led to the loss of $133.5 million in ransoms paid in 2024, and the exposure of more than 195 million records, according to Forbes.
In this article, you’ll learn why hackers are now targeting VPN accounts. You’ll also learn ways you can safeguard your network and sensitive information from being compromised or stolen.
A VPN creates a secure tunnel between your business devices and server over the public internet, to allow you to share files and other information securely without fear of prying eyes, interference, or theft.
By encrypting the data as it travels across your network, a VPN is meant to protect your organization from malware, phishing schemes, and other cyber threats. A VPN encrypts your browsing history and masks your IP address.
By routing your communication through a remote server, a VPN hides your online location and helps protect your privacy.
Ransomware groups, however, have discovered that VPN weaknesses give them an easier way to gain unauthorized access.
The Travelers report indicates that the idea of strategically targeting widely used VPNs with weak credentials emerged back in 2023.
It stems from a leaked ransomware access playbook written by an “initial access broker” (IAB), a bad actor who specializes in hacking into and selling access to organizations’ IT systems.
A significant part of this new strategy is the emphasis on actively hunting for weak usernames and passwords on VPN and gateway accounts, and for accounts that aren’t protected by multi-factor authentication.
Stolen user login information is the holy grail of the cybercrime syndicate. These seemingly minor security gaps are a growing way hackers gain a foothold into your systems, allowing them to roam free once inside.
Ransomware groups are opportunistic. They’re constantly on the prowl for holes within your IT infrastructure as a chance to pounce.
According to the recent insurer reports, exploiting VPN weaknesses has become a key mode of access.
In its latest findings, Coalition reports that across all ransomware claims, hackers were most often successful in gaining initial access through stolen credentials (47 percent) and software exploits (29 percent).
VPN vulnerability may seem like an oxymoron. How can something designed to be secure actually lead to a cyber incident?
Some business owners may be lulled by the false belief that VPNs are completely secure. There are a number of ways, however, that VPNs can create security risks.
Global ransomware damage (including against individuals and businesses) is expected to top $265 billion and strike a business, consumer, or device every two seconds by 2031, according to Cybersecurity Ventures’ Cybercrime Magazine.
Ransomware is often the method of choice for hackers because it preys on victims’ desperation to regain control of their compromised data and systems.
Ransomware attacks can deal a catastrophic blow to businesses that pay the ransom, and cause other harm, including reputational damage, customer loss, legal issues, and revenue loss.
Paying the ransom doesn’t guarantee your business will be in the clear either.
Twenty-four percent of companies that paid the ransom still couldn’t recover their data following a ransomware attack, according to Veeam, a data backup and disaster recovery software vendor.
With increased funding and technology resources, including artificial intelligence (AI) tools, these malicious actors have been able to carry out a growing number of stealth ransomware attacks with increasing sophistication.
This means that businesses must do all they can to stay ahead of potential cyber threats. This includes conducting a risk assessment to uncover hidden vulnerabilities, identifying their assets, performing a gap analysis, and shoring up any weaknesses found within their organization.
Developing strong VPN access control measures will help keep a watchful eye on suspicious traffic to mitigate the chances of bad actors gaining unauthorized access to your data and systems using malware, phishing scams, or other cyberattacks.
After reading this article, you now understand why some cybercriminals have shifted away from mass compromise attacks in favor of smaller-scale events that they can perform again and again.
These backdoor work-arounds allow cybercriminals to gain initial access to your systems, such as through your VPN devices, then launch repeated attacks.
While ransomware may be a growing threat, as we've shown above, you can still implement strong security measures to strengthen your defenses against cyber predators to keep your sensitive information out of the wrong hands.
If you don’t already have an internal team with the know-how and bandwidth to evaluate your existing cybersecurity posture and implement the right solutions to keep your business safe, then you may be considering partnering with a managed IT service provider (MSP).
If so, as always, we strongly encourage you to do your due diligence to research several MSPs in your area to find the right provider for your business.