The First Half of 2025 Reveals Over 3,600 Ransomware Victims and 2.67 Million Infostealer Infections
KELA released its 2025 Midyear Threat Report, offering a comprehensive overview of the most significant cyber threats observed in the first half of 2025. The report highlights a rise in ransomware victims, with 3,662 tracked by KELA, alongside 2.67 million machines infected by infostealer malware, resulting in more than 204 million compromised credentials, which drove the cybercrime market to an all-time high.
In addition to these statistics, KELA's analysis reveals a shift toward more multi-extortion tactics in ransomware attacks, combining data theft, credential resale, and DDoS threats to maximize pressure on victims. The report also examines the continued rise of hacktivism, driven by escalating geopolitical tensions, and the rapid exploitation of emerging vulnerabilities in critical systems.
"The first half of 2025 continues the upward trend we've seen in recent years, with ransomware groups becoming more sophisticated, and infostealers remaining as the critical enabler for larger attacks," said Elad Ezrahi, Threat Intelligence Team Lead at KELA. "Proactive cybersecurity is no longer optional—it's expected. But it's not just about doing more; it's about doing it smarter with deeper and more actionable threat intelligence."
Key findings from the report include:
- 3,662 ransomware victims tracked globally in H1 2025, with the United States accounting for over half of all victims. In comparison, KELA tracked a total of 5,230 victims in all of 2024, showing a 54% year-over-year (YoY) increase for H1.
- Clop ransomware saw a 2,300% increase in victim claims, fueled by the exploitation of a vulnerability in Cleo software.
- 2.67 million machines were infected by infostealer malware, with 204 million compromised credentials observed. Both are on track to surpass 2024, which saw over 4.3 million machines infected with approximately 330 million compromised credentials (this shows a 24% increase YoY).
- A surge in hacktivist claims, many linked to political conflicts, with more agile, decentralized, and opportunistic group behavior.
- The continued exploitation of newly disclosed vulnerabilities, with CVE-2025-0282 (Ivanti) and CVE-2025-0108 (Palo Alto) at the forefront.
In addition to an assessment of threat actor trends and techniques, KELA's report provides actionable intelligence for organizations to strengthen their defenses, including recommendations on improving incident response plans, enhancing DDoS protection, and prioritizing vulnerability management.
Source: KELA