Explore the ransomware playbook and common attack tactics

Ransomware can have devastating impacts on an individual business, and its impacts can cascade far beyond the initial victim. When aggregated across an economy, ransomware represents a national security problem. 

Yet, ransomware attacks are rarely innovative. Most incidents follow a playbook that can be studied by defenders.

The Cyber Threat Index 2025 examines the ransomware playbook and provides actionable insights on how businesses can protect themselves. Key findings from this year’s report:

• Most ransomware attacks started with the compromise of perimeter security appliances (58%) or remote desktop protocol (18%)
• Compromised credentials (47%) and software exploits (29%) were the leading initial access vectors in ransomware attacks
• 5 million+ internet-exposed remote management solutions and tens of thousands of exposed login panels were detected across the internet
• Coalition forecasts 45,000+ software vulnerabilities will be published in 2025

Explore the ransomware playbook and common attack tactics. Download Coalition’s Cyber Threat Index 2025 today.