Ransomware Attack Setup Costs Hackers $20,000
Researchers from Positive Technologies have analyzed the darknet market, examining prices for illegal cyber services and goods, as well as the expenses cybercriminals incur to carry out attacks. For this study, experts reviewed 40 sources in both Russian and English, including major darknet forums, marketplaces, and various Telegram channels. In total, they studied over 20,000 messages discussing malware, vulnerabilities, access to corporate networks, and cybercrime services.
The findings show that the most expensive type of malware is ransomware, with a median price of $7,500. Zero-day exploits are also highly valued, often selling for millions of dollars. Even with these high prices, the researchers note that the net profit from a successful attack can, on average, be five times higher than the preparation costs.
According to experts, organizing a popular phishing attack scenario using ransomware costs novice cybercriminals at least $20,000. If the attack is being prepared from scratch, hackers rent dedicated servers and purchase VPN subscriptions and other tools to create a secure and anonymous command infrastructure. Expenses also include buying malware source code or ready-made malware on a subscription basis, programs for delivering it to the victim’s system, and tools for evading security measures.
Additionally, hackers may seek advice from more experienced cybercriminals, buy access to target infrastructure and data about the target company, or use services to escalate privileges in a compromised system. The range of available products and options, as well as leaked malware and instructions, can greatly simplify the process for beginners.
What Makes Up the Cost of Preparing an Attack
Malware is one of the main tools in a hacker’s arsenal. About 53% of ads related to such programs are for sales. In 19% of cases, the ads offer infostealers designed to steal data; 17% offer cryptors and code obfuscation tools that help evade security systems; and 16% offer loaders. The median prices for these types of malware are $400, $70, and $500, respectively. The most expensive malware is ransomware, with a median price of $7,500 (though some offers reach as high as $320,000). Such malware is mainly distributed through affiliate programs (RaaS, Ransomware-as-a-Service), where participants receive 70–90% of the victim’s ransom. To become a “partner,” one usually needs to pay a fee of 0.05 bitcoin (from $5,000) and have a good reputation on the darknet.
Another popular tool for attacks is exploits: 69% of ads in this category are for sales, with 32% related to zero-day vulnerabilities. In 31% of cases, exploit prices exceed $20,000, and sometimes can reach several million dollars.
Lower prices are typical for access to corporate networks: 72% of ads in this segment are for sales, and 62% of them are priced up to $1,000.
Among hacker services, resource hacking is the most popular (49% of messages). For example, compromising a personal email account starts at $100, while a corporate mailbox starts at $200.
“On underground marketplaces, prices are set in two main ways: either sellers set a fixed price themselves, or auctions are held. The latter is common for exclusive goods, such as zero-day exploits. The platforms where deals are made also profit, including through their own escrow services, which temporarily hold the buyer’s funds until the product or service is confirmed as received. On many platforms, these services are provided by administrators or users with good reputations. For this, they receive at least 4% of the deal amount—the forums set their own rates,” comments Dmitry Streltsov, an analyst at Positive Technologies.