Identity-based access becomes the leading ransomware initial-access trend in 2026
Trend
Summary
Hide ▲
Show ▼
Identity-based attacks became the leading ransomware initial-access trend, raising the risk of credential abuse and legitimate login misuse across affected networks. Sophos found 79% of ransomware incidents traced back to compromised identities, while exploitation of known vulnerabilities fell to 18% in 2026. The shift shows attackers are favoring easier access paths such as phishing, malicious email, and brute force over exploit-driven entry.
Related Happenings
Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance
Threat Actor Meta
H score67
First: 03.07.2026 14:30
Last: 03.07.2026 14:30
Sources 1
About this happening:
**Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...
Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance
Threat Actor MetaAbout this happening: **Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor Meta
H score11
First: 31.03.2026 15:15
Last: 31.03.2026 15:15
Sources 1
About this happening:
TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor MetaAbout this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
Timeline
-
15.07.2026 15:45 2 articles · 2h ago
Sophos report finds compromised logins dominate ransomware initial access
Initial DisclosureSophos found that compromised identities and legitimate user logins accounted for 79% of ransomware initial intrusions across real-world incidents, with malicious emails at 26%, phishing at 24%, and brute force at 23%; attacks tied to exploited known vulnerabilities fell to 18% in 2026 from 32% in 2025, prompting recommendations for identity threat detection and response, multi-factor authentication across all access points, and regular identity credential audits.
Show sources
- Compromised Logins Surge as the Most Common Entry Point for Ransomware Attacks — www.infosecurity-magazine.com — 15.07.2026 15:45
- Compromised Logins Surge as the Most Common Entry Point for Ransomware Attacks — www.infosecurity-magazine.com — 15.07.2026 15:45