Barracuda Finds 90% of Ransomware Incidents Exploit Firewalls
Shows How Attackers Target Organisations and The Security Gaps Increasing Risk

Barracuda Networks, Inc., a leading cybersecurity company providing complete protection against complex threats for all size business, has releaseddata showing that 90% of ransomware incidents in 2025 exploited firewalls through unpatched software or a vulnerable account. The fastest ransomware case observed took just three hours to progress from breach to encryption. The findings are detailed in the Barracuda Managed XDR Global Threat Report, which shows how attackers target organisations and the security gaps putting systems at risk.
Drawn from thousands of real-world security incidents, the findings show how attackers exploit legitimate IT tools such as remote access software and leverage unprotected devices. They also reveal the risks of outdated encryption, disabled endpoint security and more, and highlight the warning sirens of unusual login or privileged access behaviors.
Key Findings of Barracuda Ransomware Research
The Barracuda report on ransomware found that 90% of ransomware incidents exploited firewalls through a CVE (a classified software vulnerability), or a vulnerable account. Attackers can use this to gain access and control over the network and bypass its protection, hiding malicious traffic and activity.
The fastest ransomware case observed involved Akira ransomware and took just three hours to progress from breach to encryption, leaving defenders with minimal opportunity to detect and respond.
Barracuda also found that one in 10 detected vulnerabilities had a known exploit, showing that attackers are actively weaponising software bugs, often in the supply chain – underlining the importance of identifying and addressing unpatched software.
According to the report, the most widely detected vulnerability is CVE-2013-2566, an outdated encryption algorithm that can be found in legacy systems such as old servers or embedded devices or applications.
Barracuda also found that 96% of incidents involving lateral movement ended with the release of ransomware, highlighting how lateral movement marks the moment when attackers hiding on an unprotected endpoint break cover, representing the biggest red flag of an unfolding ransomware attack.
Attacking the Supply Chain
Additionally, the report also shows how 66% of incidents involved the supply chain or a third party (up from 45% in 2024) as attackers exploit weaknesses in third-party software to breach defenses and extend their reach.
“Organisations and their security teams—especially if that ‘team’ is a single IT professional – face an immense challenge. With limited resources and fragmented security tools, they must safeguard identities, assets and data from an evolving threat landscape and attacks that can unfold in a matter of hours,” said Merium Khalid, Director, SOC Offensive Security at Barracuda.
“What makes targets vulnerable is often easy to overlook—a single rogue device, an account that wasn’t disabled when someone left, a dormant application that hasn’t been updated, or a misconfigured security feature. Attackers only need to find one to succeed. An integrated, AI-powered and autonomous security solution with the management and support taken care of by experts can make all the difference.”
The findings detailed in the report are based on Barracuda Managed XDR’s vast dataset of more than two trillion IT events collected during 2025, nearly 600,000 security alerts and more than 300,000 protected endpoints, firewalls, servers, cloud assets, and more.
Read the full report here: https://www.barracuda.com/reports/managed-xdr-global-threat-report.



