21 March 2025, Fri |
4:47 AM
21 March 2025, Fri |
4:47 AM
Positive Technologies has released a new study examining the dark web market, shedding light on the prices of illegal cybersecurity services and products used by cybercriminals to execute attacks. The research highlights the costs involved in cyberattacks, revealing that the most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are especially valuable, with prices often reaching millions of dollars. Despite the steep costs, the net profit from a successful cyberattack can be five times the investment required to organize it.
The study indicates that novice cybercriminals looking to execute a popular ransomware phishing attack may incur costs of at least $20,000. This includes renting dedicated servers, subscribing to VPN services, and acquiring tools for building an anonymous IT infrastructure to manage the attack. Attackers also need access to malicious software source code or ready-made malware, along with infiltration and evasion tools. Experienced hackers can further consult with experts and purchase access to targeted infrastructure or company data to escalate privileges within compromised systems. These products and tools are readily available for purchase on the dark web, making it easier for even beginners to carry out attacks.
The dark web marketplace is rife with malware-related ads, with 53% focused on malware sales. Among these, infostealers designed to steal data make up 19% of ads, while crypters and code obfuscation tools for hiding malware from detection appear in 17% of cases. The median cost of these types of malware is typically $400, $70, and $500, respectively. Ransomware stands out as the most expensive type of malware, with a median cost of $7,500, and some offers reaching as high as $320,000. The Ransomware-as-a-Service (RaaS) model, which distributes ransomware through affiliate programs, is common, with participants earning 70–90% of the ransom. To become a partner, a criminal must contribute 0.05 Bitcoin (approximately $5,000) and maintain a solid reputation on the dark web.
Exploits are also a hot commodity on the dark web, with 69% of exploit-related ads focused on sales. Zero-day vulnerabilities account for 32% of these ads, and the cost of exploits can exceed $20,000, sometimes reaching several million dollars. Access to corporate networks is relatively affordable, with 72% of these ads priced below $1,000. Among the most popular cybercriminal services, hacking accounts for 49% of the offerings, with prices for compromising personal and corporate email accounts starting at $100 and $200, respectively.
Dmitry Streltsov, Threat Analyst at Positive Technologies, explains: “On dark web marketplaces, prices are either fixed or determined through auctions. Auctions are commonly used for exclusive items like zero-day exploits. These platforms often generate revenue through escrow services, which temporarily hold buyers’ funds until the product or service is confirmed as delivered. The administrators or trusted users with strong reputations typically manage these services and earn at least 4% of the transaction amount.”
Given the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the preparation costs. However, for the victim company, the consequences of a ransomware attack can be far more costly. For instance, in 2024, CDK Global suffered a ransomware attack that led to two weeks of server downtime. While the company paid $25 million in ransom, the financial losses due to system disruptions exceeded $600 million.
This study underscores the growing risks associated with cybercrime and the lucrative market on the dark web that fuels these attacks.
