VendorsKELA
KELA
Cybersecurity reports and statistics published by KELA
8 categories5 reports
Research Reports
Reports and publications from KELA
KELA Report - National Cybersecurity Report Ransomware.pdf
10/21/2025
2025 Midyear Threat Report: Evolving Tactics and Emerging Dangers
8/4/2025
Inside the Infostealer Epidemic: Exposing the Risks to Corporate Security
4/29/2025
2025 AI Threat Report: How cybercriminals are weaponizing AI technology
3/25/2025
The State of Cybercrime 2025 Report
2/1/2025
Recent Statistics & Reports
In 2025, there were 103 distinct ransomware threat actors observed targeting critical infrastructure.
10/21/2025•
RansomwareRansomware groups
Out of 103 active ransomware groups, five groups accounted for nearly 25% of global ransomware incidents.
10/21/2025•
RansomwareRansomware groups
In 2025, 2,332 ransomware incidents targeted critical infrastructure, accounting for 50% of all incidents, compared to 1,745 incidents, which accounted for 54%, in 2024.
10/21/2025•
RansomwareCritical infrastructure
Qilin was responsible for 248 incidents, Clop for 246 incidents, Akira for 209 incidents, Play for 120 incidents, and SafePay for 115 incidents in 2025.
10/21/2025•
RansomwareRansomware groups
2.67 million machines were infected by infostealer malware in H1 2025. This led to more than 204 million compromised credentials being observed.
8/4/2025•
InfostealerCompromised credentials
Both infostealer infections and compromised credentials are on track to surpass 2024 figures, which saw over 4.3 million machines infected with approximately 330 million compromised credentials. This indicates a 24% increase YoY in these areas.
8/4/2025•
InfostealerCompromised credentials
3,662 ransomware victims were tracked globally by KELA in the first half of 2025. This represents a 54% increase year-over-year (YoY) compared to the first half of 2024, as KELA tracked a total of 5,230 victims in all of 2024.
8/4/2025•
Ransomware
The United States accounted for over half of all ransomware victims in H1 2025.
8/4/2025•
RansomwareUS
Clop ransomware experienced a 2,300% increase in victim claims, which was driven by the exploitation of a vulnerability in Cleo software.
8/4/2025•
RansomwareClop
Among the roles most vulnerable to credential theft, 28% were in Project Management, followed by Consulting (12%) and Software Development (10.7%).
4/29/2025•
CredentialsCredential theft
The average time between credentials being found and the reported ransomware attack was 2.5 weeks
4/29/2025•
CredentialsCredential theftRansomware
Infostealer activity has surged by 266% in recent years.
4/29/2025•
Infostealer
Credentials for victims of the Play, Akira, and Rhysida ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack.
4/29/2025•
CredentialsCredential theftRansomware
KELA found a 200% surge in cybercriminals seeking AI to launch attacks.
3/25/2025•
AICyber attack
KELA's platform recorded a 200% increase in mentions of malicious AI tools and tactics in 2024.
3/25/2025•
AI
There was a 52% increase in discussions related to jailbreaking methods on cybercrime forums in 2024 compared to the previous year.
3/25/2025•
Jailbreaking
KELA found a 200% surge in cybercriminals seeking AI to launch attacks.
3/25/2025•
AICyber attack
3.9 billion credentials were shared in the form of credentials lists (ULP files).
2/1/2025
Over 330 million compromised credentials were linked to infostealer malware.
2/1/2025
The top three infostealer malware strains (Lumma, StealC, and RedLine) were responsible for over 75% of infected machines.
2/1/2025
Showing 21-40 of 42 results