Ransomware groups are exploiting the legitimate Kickidler employee monitoring software for reconnaissance and credential theft after breaching networks. The software enables attackers to capture keystrokes and identify off-site cloud backups, facilitating further malicious activities such as encrypting VMware ESXi infrastructure. Cybersecurity experts recommend tightening controls on remote monitoring and management tools to prevent these types of attacks.