DeepSec 2025 Talk: Ransomware vs. Info Stealers: A Comparative Analysis – Steph Shample
This talk provides a clear and practical comparison between two dominant forms of malware: ransomware and information stealers. While both are used by threat actors to profit from compromised systems, their methods, visibility, and impact differ dramatically.
We’ll start by defining each threat type and examining their primary objectives: ransomware aims for immediate financial gain through extortion, while info stealers quietly extract credentials, financial data, and other sensitive information for resale or future attacks. It is worth noting that info stealers can be, and often are, used as a precursor to a ransomware attack, connecting these two forms of malware in malicious operations.
Attendees will leave with a practical understanding of how to differentiate and defend against both types of threats, making this session valuable for security analysts, IT leaders, and anyone looking to strengthen their cyber threat intelligence.
We asked Steph a few more questions about her talk.
Please tell us the top 5 facts about your talk.
- According to various US cybersecurity firms reporting on infostealers, global damages tied to cybercrime in 2025 could arrive at upwards of 9 trillion dollars, which would be the equivalent of the third-largest economy if it were a country. Ransomware and infostealers are a large part of the cybercrime economy.
- Infostealers go after the most sensitive information, not just credentials; this includes browser cookies, authentication tokens, and more. Ransomware actors are using this exact infostealer-procured data to further malicious campaigns.
- Infostealer attacks observed throughout 2024 and 2025 proved that 2FA/MFA and antivirus software aren’t protective enough. Over half of the attacks had these protections in place, which the infostealers still defeated and went on to infect devices.
- Infostealers not only double as complementary to ransomware operations, they also act as malware loaders and can also be persistent malware.
- With the advent of AI, and ransomware using AI, we have to get ahead of these issues now before mitigation becomes even more difficult.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
Following ransomware for years, tracking actors, kits, sales, and victims on the darknet, I knew that ransomware alone was bad enough. The United States even established a Ransomware task force in 2021, because of the ongoing threat. Now that infostealers have emerged, they are not only a threat in and of themselves, but they fuel and empower ransomware. These two malwares acting independently are bad enough, and I had to cover them as separate threats. But now, as the underground criminal ecosystem melds them together, tracking their future evolutions and collaboration is essential for public safety.
Why do you think this is an important topic?
The criminal underground adapts as quickly as technology itself. When established safeguards like MFA no longer provide adequate protection, collaboration and situational awareness become critical. Understanding how infostealers and ransomware operate, individually and in tandem, is essential for building collective resilience across both the public and private sectors.
Is there something you want everybody to know – some good advice for our readers maybe? (Except for “come to my talk”)
Both infostealers and ransomware aren’t only “IT” or “Technical” issues – they are global business issues. They impact every sector, from financial to healthcare, from clean water to food supplies. More critical thinking and fast action are needed as a whole.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Prediction: AI is of course going to have a role and impact with both infostealers and ransomware. 2025 already saw the first ransomware campaign use AI and LLMs to execute an attack. This will continue, making attacks faster, and enabling more people to conduct attacks because of tool automation.

Steph Shample is a seasoned cybersecurity professional with over 22 years of experience spanning military operations, government service, and threat intelligence. She specializes in dark web monitoring, cybercrime patterns, and dark market ecosystems, as well as educating the public on these topics. Previously, Steph served as a Non‑Resident Scholar in the Strategic Technologies & Cyber Security Program at the Middle East Institute, analyzing Iranian cyber strategies, proliferation networks, and regional security dynamics. Her military and civilian deployments—including two tours in Afghanistan—provided hands-on operational experience throughout the Middle East, Central, and South Asia. Steph’s thought leadership is frequently featured in media outlets such as CNN and Stars and Stripes, and she’s a recognized speaker at industry forums like Women in Cybersecurity (WiCYS) and Europe’s DeepSec. A trusted expert in dark web intelligence and more, Steph has been featured on DarkOwl’s Needle Stack Podcast, where she discussed AI trends, operational security, and the importance of dark web insights for enterprise defense. Her work empowers organizations to illuminate hidden threats and proactively respond to evolving cyber adversaries.
