A recent report by Sophos reveals that compromised logins have become the leading entry point for ransomware attacks, accounting for 79% of incidents. Initially, malicious emails were the entry point in 26% of cases, a rise from 19% in 2025. Phishing attacks, responsible for 24% of incidents, and brute force attacks, at 23%, followed. The number of attacks exploiting known security vulnerabilities has significantly decreased from 32% to 18%.
Furthermore, organizations typically use their own backups (66%) to recover data from attacks, with the median ransom demand dropping significantly to $698,000. It is suggested that organizations improve identity threat detection and response measures to prevent such attacks.