KELA Report Links Infostealer Logs to Ransomware Surge

Analysis of 300+ victims highlights the roles and industries most vulnerable to credential theft, with 28% in Project Management

SAN FRANCISCO, April 29, 2025 /PRNewswire/ -- KELA, a global leader in cyber threat and exposure intelligence solutions, today released a new report, Inside the Infostealer Epidemic: Exposing the Risks to Corporate Security. The report highlights the critical role of infostealer malware in fueling credential theft and enabling ransomware attacks, and it sheds light on the evolving cybercriminal ecosystem, revealing how stolen corporate credentials have become a cornerstone of cybercrime operations.

Infostealer activity has surged by 266% in recent years, and the threat continues to grow in 2025. Infostealers, which steal credentials, personal data, and other sensitive information, have become a leading driver of identity theft, fraud, and costly data breaches. High-profile incidents like the Black Basta leak have exposed how many ransomware attacks originate from infostealer logs--underscoring the critical role these tools play in enabling ransomware attacks.

The link between infostealer malware and ransomware attacks cannot be ignored. "Our research highlights how cybercriminals are efficiently monetizing stolen credentials, creating a thriving underground market," said Lin Levi, Threat Intelligence Analyst at KELA. "Organizations must prioritize proactive measures such as credential security to disrupt these attack chains before they escalate into breaches and ransomware incidents."

The report's key findings include:

    --  Infostealer Malware as a Cybercrime Catalyst - Infostealers, which
        automate credential theft, have surged in popularity, often being sold
        through Malware-as-a-Service (MaaS) models. These stolen credentials
        serve as entry points for various cyberattacks, including ransomware.
    --  The Evolving Market for Stolen Credentials - Cybercriminals are shifting
        from traditional forums to automated markets and subscription-based
        models, making credential trading faster and more efficient. Attackers
        can easily query stolen data, purchase credentials, and exploit them.
    --  Victim Profiling Reveals Targeted Sectors & Roles - KELA connected 300
        infostealer victims from July to August 2024 to affected individuals
        employed by different companies, uncovering that employees in Project
        Management (28%), Consulting (12%), and Software Development (10.7%)
        roles were most frequently affected. The Technology sector was the most
        targeted, with Brazil ranking as the highest impacted region. Personal
        computers storing corporate credentials were more commonly infected than
        work devices, and most compromised credentials belonged to current
        employees.
    --  Ransomware Groups Exploiting Stolen Credentials - KELA's research
        explored the link between infostealer-compromised accounts and
        ransomware groups Play, Akira, and Rhysida. In several cases,
        credentials for victims of these ransomware groups were found on
        cybercrime marketplaces between 5 and 95 days prior to the reported
        attack, suggesting a potential connection between stolen credentials and
        ransomware infections; the average time was 2.5 weeks.

To mitigate the infostealer threat, KELA advises organizations to adopt proactive defense strategies, including active threat monitoring, proactive access management, robust endpoint protection, and employee cybersecurity awareness.

To explore KELA's full findings and recommendations, download Inside the Infostealer Epidemic: Exposing the Risks to Corporate Security. For an even deeper dive, register for an upcoming webinar hosted by Lin Levi.

About KELA
KELA is an Intelligence-Driven Threat Exposure Management company. We are redefining how organizations discover, monitor, and reduce risk from external threats--both known and unknown, managed or unmanaged. Our unique technology enables automatic, real-time access to the exact places where threat actors communicate, collaborate, and monetize stolen information, allowing organizations to take proactive action. By combining our proprietary CTI Platform with External Attack Surface Management and Third-Party Risk Management, along with direct access to the hidden corners of the cybercrime underground in the Deep and Dark Web, our solutions empower organizations to continuously and proactively reduce their exposure to external threats--at any scale, from a single enterprise to the national level. Learn more at www.kelacyber.com.

Media Contact:
Nicole Canulla
394215@email4pr.com
617-645-6160

View original content to download multimedia: https://www.prnewswire.com/news-releases/kela-report-links-infostealer-logs-to-ransomware-surge-302440691.html

SOURCE KELA Cyber