Ransomware incidents continue to increase in frequency and severity, with attacks rising 20 percent in 2024 and VPNs seen as the biggest contributor, according to a new report by insurance security provider At-Bay.
Mid-sized companies generating $25-100 million in revenue were found to be hit hardest, with a reported 46 percent increase in attacks.
According to its 2025 InsurSec Report, At-Bay's analysis of claims data revealed that the severity of ransomware attacks increased by 13 percent.
Businesses impacted by attacks on vendors and partners increased 43 percent, while the average cost of these third-party incidents jumped by 72 percent.
The data found that ransomware returned to 2021 levels, with the frequency of attacks increasing by 19 percent in 2024 versus 2023.
Losses related to a ransomware attack on a third-party vendor or partner increased by more than 40 percent, with costs jumping 72 percent to $241,000.
Close to 50 ransomware groups were implicated in attacks in 2024, three times the number in 2021. At-Bay estimated this resulted in higher volatility in ransom demands and lower reliability in negotiations.
The vast majority of ransomware started with an attack on a remote access tool, which contributed to 80 percent of attacks. VPNs alone accounted for two-thirds (66 percent) of all ransomware attacks.
Overall claims frequency increased by 16 percent in 2024. This increase was evidenced across all revenue bands, with larger companies experiencing the largest increase, the analysis found.
Email was the preferred entry vector for cyber criminals, driving 43 percent of claims.
Financial fraud remained the most common incident type, accounting for 32 percent of all claims. Four out of 5 (83 percent) financial fraud claims began with email.
At-Bay customers paid out on just 31 percent of ransoms in 2024. This totaled $146M in unpaid ransoms.
When a policyholder decided to pay a ransom, the price was often negotiated down by more than half – the average ransom demand was $957,000, and the average ransom paid was $317,000.
Policyholders were able to claw back $49M in stolen funds from financial fraud, the report added.
“Remote access tools like VPNs and RDP continue to attract a high level of attention from cybercriminals. In 2024, they were correlated with 80 percent of ransomware attacks, up from 63 percent the year prior,” said Adam Tyra, chief information security officer for Customers at At-Bay. “VPNs alone were a factor in 2 of 3 ransomware incidents. This problem isn’t going away for mid-market businesses. They need to upgrade to safer alternatives or consider getting support with patching and configuration management to lower their risk from operating these tools.”