On-premises VPNs up odds of ransomware victimization

The Register reports that organizations leveraging on-premises VPN devices and routers had a significantly higher risk of being impacted by ransomware intrusions within 15 months, compared with those utilizing cloud-based VPNs or those that did not have VPNs.

Usage of Citrix or Cisco VPNs was associated with the greatest odds of ransomware victimization, followed by SonicWall, Palo Alto Global Protect, and Fortinet, according to a report from cyberinsurance and managed detection and response solutions provider At-Bay.

Additional findings showed that 83% of ransomware incidents involved VPNs, and 80% began with a remote access compromise. It also cited a 300% increase in Akira ransomware attacks targeting SonicWall devices during Q3 2025, linked to CVE-2024-40766. Adam Tyra, At-Bay's chief information security officer for customers, said on-premises VPN devices are "complex and require consistent maintenance," with outdated configurations and missed patches increasing risk.

"Companies relying on on-premises VPN devices from vendors like Cisco and Citrix should strongly consider transitioning to modern cloud-based, remote access solutions," Tyra said.