New Report Reveals Exploited Vulnerabilities as Leading Cause of Ransomware Attacks on Organizations

A groundbreaking report titled “The State of Ransomware 2025” by Sophos, released in June 2025, has shed light on the persistent and evolving threat of ransomware attacks targeting organizations worldwide.

The study, based on responses from 3,400 victims, identifies exploited vulnerabilities as the predominant technical root cause of these attacks for the third consecutive year, accounting for 32% of incidents.

This statistic underscores a critical gap in patch management and system hardening practices across industries.

Technical Root Causes Under Scrutiny

Following closely behind, compromised credentials contribute to 23% of attacks, down from 29% in 2024, while malicious emails and phishing attempts remain significant vectors at 19% and 18%, respectively.

These findings highlight the multifaceted nature of ransomware entry points, emphasizing the need for robust endpoint security and user awareness training to mitigate initial access risks.

Delving deeper into operational factors, the report reveals that ...