KELA Report Links Infostealer Logs to Ransomware Surge
Analysis of 300+ victims highlights the roles and industries most vulnerable to credential theft, with 28% in Project Management
SAN FRANCISCO, April 29, 2025 /PRNewswire/ -- KELA, a global leader in cyber threat and exposure intelligence solutions, today released a new report, Inside the Infostealer Epidemic: Exposing the Risks to Corporate Security. The report highlights the critical role of infostealer malware in fueling credential theft and enabling ransomware attacks, and it sheds light on the evolving cybercriminal ecosystem, revealing how stolen corporate credentials have become a cornerstone of cybercrime operations.
Infostealer activity has surged by 266% in recent years, and the threat continues to grow in 2025. Infostealers, which steal credentials, personal data, and other sensitive information, have become a leading driver of identity theft, fraud, and costly data breaches. High-profile incidents like the Black Basta leak have exposed how many ransomware attacks originate from infostealer logs—underscoring the critical role these tools play in enabling ransomware attacks.
The link between infostealer malware and ransomware attacks cannot be ignored. "Our research highlights how cybercriminals are efficiently monetizing stolen credentials, creating a thriving underground market," said Lin Levi, Threat Intelligence Analyst at KELA. "Organizations must prioritize proactive measures such as credential security to disrupt these attack chains before they escalate into breaches and ransomware incidents."
The report's key findings include:
- Infostealer Malware as a Cybercrime Catalyst – Infostealers, which automate credential theft, have surged in popularity, often being sold through Malware-as-a-Service (MaaS) models. These stolen credentials serve as entry points for various cyberattacks, including ransomware.
- The Evolving Market for Stolen Credentials – Cybercriminals are shifting from traditional forums to automated markets and subscription-based models, making credential trading faster and more efficient. Attackers can easily query stolen data, purchase credentials, and exploit them.
- Victim Profiling Reveals Targeted Sectors & Roles – KELA connected 300 infostealer victims from July to August 2024 to affected individuals employed by different companies, uncovering that employees in Project Management (28%), Consulting (12%), and Software Development (10.7%) roles were most frequently affected. The Technology sector was the most targeted, with Brazil ranking as the highest impacted region. Personal computers storing corporate credentials were more commonly infected than work devices, and most compromised credentials belonged to current employees.
- Ransomware Groups Exploiting Stolen Credentials – KELA's research explored the link between infostealer-compromised accounts and ransomware groups Play, Akira, and Rhysida. In several cases, credentials for victims of these ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack, suggesting a potential connection between stolen credentials and ransomware infections; the average time was 2.5 weeks.
To mitigate the infostealer threat, KELA advises organizations to adopt proactive defense strategies, including active threat monitoring, proactive access management, robust endpoint protection, and employee cybersecurity awareness.
To explore KELA's full findings and recommendations, download Inside the Infostealer Epidemic: Exposing the Risks to Corporate Security. For an even deeper dive, register for an upcoming webinar hosted by Lin Levi.
About KELA
KELA is an Intelligence-Driven Threat Exposure Management company. We are redefining how organizations discover, monitor, and reduce risk from external threats—both known and unknown, managed or unmanaged. Our unique technology enables automatic, real-time access to the exact places where threat actors communicate, collaborate, and monetize stolen information, allowing organizations to take proactive action. By combining our proprietary CTI Platform with External Attack Surface Management and Third-Party Risk Management, along with direct access to the hidden corners of the cybercrime underground in the Deep and Dark Web, our solutions empower organizations to continuously and proactively reduce their exposure to external threats—at any scale, from a single enterprise to the national level. Learn more at www.kelacyber.com.
Media Contact:
Nicole Canulla
394215@email4pr.com
617-645-6160
View original content to download multimedia: https://www.prnewswire.com/news-releases/kela-report-links-infostealer-logs-to-ransomware-surge-302440691.html
SOURCE KELA Cyber