Skip to main content
    Stolen Passwords Now Lead Cause of Ransomware Attacks
    Cybersecurity
    Important
    2 min read

    Stolen Passwords Now Lead Cause of Ransomware Attacks

    Email attacks that steal login credentials have become the top way ransomware gets into systems, even when two-factor authentication is turned on.

    Source

    Dark Reading

    Original headline: Identity Attacks Overtake Exploits as Top Ransomware Cause

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Wednesday, July 15, 2026Updated Thursday, July 16, 20262 min read
    Share:

    Ransomware attackers have shifted their tactics. Email attacks that steal login credentials overtook software vulnerabilities as the top way ransomware enters systems last year. Even more concerning, multifactor authentication (also called MFA or two-factor authentication) was active in 97% of credential-based attacks but still failed to prevent the compromise.

    This means having two-factor authentication alone is no longer enough protection. This affects anyone who uses email and online accounts, which includes nearly every family. The attackers are getting better at tricking people into giving away their usernames and passwords through convincing fake emails. They are also finding ways around two-factor authentication, possibly by tricking users into approving login requests they did not initiate or by intercepting codes sent via text message. Protect your family with these immediate actions:

    1. Train everyone in your household to never click links in unexpected emails, even if they appear to come from familiar companies. Instead, type the website address directly into your browser.
    2. Use authentication apps like Google Authenticator or Microsoft Authenticator instead of text message codes for two-factor authentication when possible. Apps are harder for attackers to intercept.
    3. Never approve a two-factor authentication request that you did not initiate yourself. If you get an unexpected approval request on your phone, deny it and immediately change your password.
    4. Use a password manager to create unique, strong passwords for every account. This prevents one stolen password from compromising multiple accounts.
    5. Enable login alerts on important accounts so you receive notifications when someone signs in from a new device or location. Think of email security as your front door lock. Teach children and elderly family members that emails requesting urgent action, password resets, or account verification are usually scams. Make it a family rule: when in doubt, do not click. Visit websites directly by typing the address, and call companies using phone numbers from their official websites, not from emails.

    Protect Yourself

    Use our Cyber Threat Radar to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: Dark Reading

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.