Report Links Infostealer Logs to Ransomware Surge

The malware is fueling new attacks and helping bad actors evolve the complexity of their operations.

May 8, 2025
Ransomware

KELA, a leading provider of cyber threat and exposure intelligence solutions, has released a new report, "Inside the Infostealer Epidemic: Exposing the Risks to Corporate Security." It highlights the critical role of infostealer malware in fueling credential theft and enabling ransomware attacks. The report looks to shed light on the evolving cybercriminal ecosystem, revealing how stolen corporate credentials have become a cornerstone of cybercrime operations.

Infostealer activity has surged by 266 percent in recent years, and the threat continues to grow in 2025. Infostealers, which steal credentials, personal data, and other sensitive information, have become a leading driver of identity theft, fraud, and costly data breaches. High-profile incidents like the Black Basta leak have exposed how many ransomware attacks originate from infostealer logs—underscoring the critical role these tools play in enabling ransomware attacks. 

The link between infostealer malware and ransomware attacks cannot be ignored. “Our research highlights how cybercriminals are efficiently monetizing stolen credentials, creating a thriving underground market,” said Lin Levi, Threat Intelligence Analyst at KELA. “Organizations must prioritize proactive measures such as credential security to disrupt these attack chains before they escalate into breaches and ransomware incidents.”

Included amongst the report’s key findings are:

  • Infostealer Malware as a Cybercrime Catalyst. Infostealers, which automate credential theft, have surged in popularity, often being sold through Malware-as-a-Service (MaaS) models. These stolen credentials serve as entry points for various cyberattacks, including ransomware.
  • The Evolving Market for Stolen Credentials. Cybercriminals are shifting from traditional forums to automated markets and subscription-based models, making credential trading faster and more efficient. Attackers can easily query stolen data, purchase credentials, and exploit them.
  • Victim Profiling Reveals Targeted Sectors & Roles. KELA connected 300 infostealer victims from July to August 2024 to affected individuals employed by different companies, uncovering that employees in Project Management (28 percent), Consulting (12 percent), and Software Development (10.7 percent) roles were most frequently affected. Personal computers storing corporate credentials were more commonly infected than work devices, and most compromised credentials belonged to current employees.
  • Ransomware Groups Exploiting Stolen Credentials. KELA’s research explored the link between infostealer-compromised accounts and ransomware groups Play, Akira, and Rhysida. In several cases, credentials for victims of these ransomware groups were found on cybercrime marketplaces between five and 95 days prior to the reported attack, suggesting a potential connection between stolen credentials and ransomware infections; the average time was 2.5 weeks.