Moscow Exchange-listed cybersecurity firm Positive Technologies has released a comprehensive study on the dark web market, examining the pricing of illegal cybersecurity services and products, as well as the costs incurred by cybercriminals in executing attacks.
Among the most expensive forms of malware is ransomware, with a median cost of $7,500. Zero-day exploits are highly sought after, often fetching millions of dollars, the report said.
Despite the steep costs, the profit from a successful cyberattack can be as much as five times the initial investment required to carry out the illegal activity, according to the report.
Experts estimate that even a basic phishing attack involving ransomware can cost novice cybercriminals at least $20,000. The expenses involved include renting dedicated servers, subscribing to VPN services, and acquiring other essential tools to establish a secure, anonymous IT infrastructure for the attack.
Read: UAE cybersecurity: Over 223,800 assets exposed as AI-powered threats surge
Hackers also need access to the source code of malicious software or ready-to-use malware, as well as tools to breach the targeted company’s system and avoid detection by security measures.
In many cases, cybercriminals consult with seasoned professionals, purchase access to specific networks or data, and escalate their privileges within compromised systems.
These products and services are readily available on the dark web, with detailed instructions and leaked malware making it easier for even beginners to carry out successful attacks.
Malware remains a key weapon in a hacker’s arsenal, with 53 percent of all malware-related advertisements focused on its sale. Infostealers — malicious programs designed to steal sensitive data — are featured in 19 percent of posts, while crypters and code confusion tools, used to help malware evade detection, make up 17 percent.
Loaders, which help deliver malicious payloads, are highlighted in 16 percent of ads. The median cost of these tools is $400 for malware, $70 for infostealers, and $500 for crypters.
Ransomware, the most expensive category, has a median cost of $7,500, with some offers reaching as high as $320,000. Ransomware is often distributed via affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants typically receive 70–90 percent of the ransom.
To join these programs, a criminal must contribute 0.05 Bitcoin (about $5,000) and maintain a formidable reputation on the dark web.
Exploits are another popular attack tool, with 69 percent of exploit-related ads focusing on sales. Among these, zero-day vulnerabilities make up 32 percent of posts, with prices for these exploits often exceeding $20,000, and in some cases, reaching several million dollars.
Access to corporate networks is more affordable, with 72 percent of ads in this category focused on sales, and 62 percent of these priced below $1,000.
Hacking services are also in high demand, with 49 percent of reports in this category offering various types of hacks. For example, compromising a personal email account costs as little as $100, while infiltrating a corporate email account starts at $200.
Dmitry Streltsov, a threat analyst at Positive Technologies, explains: “On the dark web marketplaces, prices are typically determined in one of two ways: Either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4 percent of the transaction amount, with the forums setting the rates.”
Considering the expenses associated with acquiring tools and services on the dark web, along with the median ransom amounts, cybercriminals can achieve a net profit of $100,000 to $130,000 from a successful attack — five times the cost of their preparation.
For businesses, the financial impact of such an attack extends far beyond the ransom itself, as operational disruptions can lead to significant losses.
For example, in 2024, Texas-based multinational company CDK Global’s servers were taken offline for two weeks due to a ransomware attack. The company reportedly paid $25 million in ransom, while the financial losses incurred by dealers due to system downtime exceeded $600 million.
