• Phishing remains the most common route for initial access. Most phishing attacks are focused on gaining access to user credentials as well directing the victims to compromised websites for further infection. The rise of access brokers has paralleled this increase in ransomware. Attackers are no longer attacking systems – they are logging in.

• System vulnerabilities also contribute to the rapid development of exploit kits that are then used to carryout ransomware attacks. As of Jun 2022, researchers at Google had recorded 18 zero-day exploits. The number of zero-day vulnerabilities have also registered an equal increase in numbers with 80 of them being disclosed in 2021.

• An increase in the attack surface brought about by a dispersed workforce has led to an increase of ransomware attacks targeting individual users. While most organizations have now developed robust systems to ensure security of home users' endpoints, there are still some gaps that are being exploited by attackers to firstly access to gain credentials and then to use these credentials to gain access to critical systems.