2025 Midyear Threat Report: Evolving Tactics and Emerging Dangers

Both infostealer infections and compromised credentials are on track to surpass 2024 figures, which saw over 4.3 million machines infected with approximately 330 million compromised credentials. This indicates a 24% increase YoY in these areas.

3,662 ransomware victims were tracked globally by KELA in the first half of 2025. This represents a 54% increase year-over-year (YoY) compared to the first half of 2024, as KELA tracked a total of 5,230 victims in all of 2024.

The United States accounted for over half of all ransomware victims in H1 2025.

Clop ransomware experienced a 2,300% increase in victim claims, which was driven by the exploitation of a vulnerability in Cleo software.

2.67 million machines were infected by infostealer malware in H1 2025. This led to more than 204 million compromised credentials being observed.