Firewalls failed under ransomware assault in nine out of ten cases analyzed by Barracuda Networks. The company’s 2025 Managed XDR Global Threat Report, drawn from thousands of real-world security incidents, pinpoints unpatched vulnerabilities and compromised credentials as the prime entry points.

Attackers moved fast. In the quickest incident, they breached a network and locked down data with encryption within three hours. That speed slashed response times for defenders, Barracuda officials said.

Lateral movement came before ransomware deployment in 96% of breaches. Hackers roamed networks undetected, often abusing legitimate tools like remote access software. They targeted unprotected devices and weak spots including outdated encryption, disabled endpoint security, and odd login patterns tied to privileged accounts.

One in ten detected flaws carried known exploits. CVE-2013-2566 stood out—a 2013 vulnerability tied to an obsolete encryption algorithm still plaguing legacy systems and embedded devices. “Persistent exposure in these areas leaves organizations wide open,” the report states.

Supply chain risks climbed sharply too. Third-party connections amplified attack surfaces, letting threats jump from vendor networks into core operations. Barracuda stressed that firewalls, meant as frontline shields, crumbled when software updates lagged or accounts fell to phishing and weak passwords.

Organizations faced a grim tally. The report covers incidents from Barracuda’s managed detection and response service, combining endpoint, network and cloud telemetry. Attackers leaned on living-off-the-land techniques, blending into normal traffic with admin tools and scripts.

Disabled protections worsened matters. Some endpoints ran without active defenses, easing initial footholds. Unusual access—think logins from odd locations or times—signaled trouble, yet went unchecked in many cases.

Barracuda urged prompt patching and stricter access controls. Firewalls need constant scrutiny, especially on embedded systems that are hard to update. The report calls out rising supply chain hits as a red flag for global firms.

These findings echo broader cybersecurity warnings. Ransomware groups refine tactics yearly, targeting critical infrastructure from factories to hospitals. Barracuda’s data shows firewalls no longer suffice alone; layered defenses and real-time monitoring prove essential.

Officials at the security firm predict more such exploits ahead unless patching accelerates. Legacy gear, often overlooked, remains a soft target. The three-hour encryption sprint highlights why delays prove deadly.