KELA Reveals Over 3,600 Ransomware Victims and 2.67 Million Infostealer Infections in the First Half of 2025

2025 Is on Track to Have the Largest Number of Ransomware Victims Ever, with a 54% Increase Year-Over-Year

KELA, a global leader in cyber threat and exposure intelligence solutions, today released its 2025 Midyear Threat Report, offering a comprehensive overview of the most significant cyber threats observed in the first half of 2025. The report highlights a rise in ransomware victims, with 3,662 tracked by KELA, alongside 2.67 million machines infected by infostealer malware, resulting in more than 204 million compromised credentials, which drove the cybercrime market to an all-time high.

In addition to these statistics, KELA's analysis reveals a shift toward more multi-extortion tactics in ransomware attacks, combining data theft, credential resale, and DDoS threats to maximize pressure on victims. The report also examines the continued rise of hacktivism, driven by escalating geopolitical tensions, and the rapid exploitation of emerging vulnerabilities in critical systems.

“The first half of 2025 continues the upward trend we've seen in recent years, with ransomware groups becoming more sophisticated, and infostealers remaining as the critical enabler for larger attacks,” said Elad Ezrahi, Threat Intelligence Team Lead at KELA. “Proactive cybersecurity is no longer optional – it's expected. But it's not just about doing more; it's about doing it smarter with deeper and more actionable threat intelligence.”

Key findings from KELA's 2025 Midyear Threat Report include:

— 3,662 ransomware victims tracked globally in H1 2025, with the United States accounting for over half of all victims. In comparison, in all of 2024, KELA tracked a total of 5,230 victims, showing an H1 54% increase year-over-year (YoY).

— Clop ransomware saw a 2,300% increase in victim claims, fueled by the exploitation of a vulnerability in Cleo software.

— 2.67 million machines were infected by infostealer malware, with 204 million compromised credentials observed. Both are on track to surpass 2024, which saw over 4.3 million machines infected with approximately 330 million compromised credentials (this shows a 24% increase YoY).

— A surge in hacktivist claims, many linked to political conflicts, with more agile, decentralized, and opportunistic group behavior.

— The continued exploitation of newly disclosed vulnerabilities, with CVE-2025-0282 (Ivanti) and CVE-2025-0108 (Palo Alto) at the forefront.

In addition to an assessment of threat actor trends and techniques, KELA's report provides actionable intelligence for organizations to strengthen their defenses, including recommendations on improving incident response plans, enhancing DDoS protection, and prioritizing vulnerability management.

To download the full 2025 Midyear Threat Report, please visit KELA's website.

About KELA Cyber

KELA is a leading cyber threat intelligence (CTI) and external attack surface management (EASM) provider, empowering organizations to stop threats before they materialize. With a decade of intelligence powering its data lake, KELA's platform delivers real-time, actionable insights for end-to-end threat exposure reduction. Trusted by global enterprises and government agencies, KELA helps security teams proactively detect, prioritize, and mitigate cyber threats with unmatched precision and speed. Learn more at www.kelacyber.com.

Media Contact: Nicole Canulla, 617-645-6160

View original content to download multimedia: https://www.prnewswire.com/news-releases/kela-reveals-over-3-600-ransomware-victims-and-2-67-million-infostealer-infections-in-the-first-half-of-2025–302520374.html

SOURCE KELA Cyber
