The Number of Vulnerabilities Associated with Ransomware Grows 426% Over Three Years

Ransomware Vulnerability With only 57 vulnerabilities tied to ransomware back in 2019, the most recent data from security vendor Ivanti shows that number predicted to be over 300 by the end of 2022.

It’s one thing to have high-level details on attack methods, but new data from Ivanti’s Ransomware Index Report Q2‑Q3 2022 shows how vulnerabilities have grown in use and are currently being used as part of ransomware attacks today.

According to the report, the number of vulnerabilities affecting vendor products rose 500% from 19 in 2019 to 114 in 2022. This comes at a time when the number of ransomware families in Q3 of this year has reached a total of 170.

The report also highlights 323 vulnerabilities that, together, make up 57 complete attack kill chains – from initial access to exfiltration and impact (read: encryption)

The Number of Vulnerabilities Associated with Ransomware Grows 426% Over Three Years

Source: Ivanti Ransomware Index Report Q2‑Q3 2022

According to the report, over 100 vulnerabilities exist in applications and browsers that ransomware gangs are looking to take advantage of via phishing attacks, making it imperative that – in addition to vulnerability management initiatives – organizations take the need for security awareness training seriously to help reduce the risk that users will engage with phishing emails designed to kick off vulnerability-based ransomware attacks.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works: