Cybercriminal's Black Market Pricing Guide
Common prices criminals pay one another for products and services that fuel the cybercriminal ecosystem.
September 17, 2019
The Dark Web is awash with both commoditized and creative black market goods and services targeted for cybercriminals of all kinds. Whether the bad guys are looking for ransomware-as-a-service to take systems hostage for profit, seeking personally identifiable information they can use to commit identity theft, or looking for hacking tools to collect that information themselves, there's always someone in the black-market supply chain willing to provide a product for a price.
Researchers with Armor's Threat Resistance Unit (TRU) recently released a report with detailed analysis of exactly what those prices look like for many common black market products. Those findings, along with data from recent reports released by researchers at Deloitte and ESET within the last year, were compiled for this guide on just what crooks invest to fuel their online criminal enterprises.
Fullz data is hacker parlance for the whole enchilada when it comes to a package of personally identifiable information. That typically includes a person's full name, date of birth, address, phone number, mother's maiden name, Social Security number, and driver's license number.
Prices: $30-$40 U.S. data, $35-$50 U.K. data, $15-$20 Asia
So-called malware "loads" services provide attackers with malware distribution and support. Typically a distributor partners up with a malware developer to provide services for propagating successful infections. The loads services usually price per 1,000 installs on compromised machines, which can then be turned around to build botnets, fuel spam, and wage malvertising, brute-force, and other attacks.
Price: $60 per 1,000 systems worldwide, $400 per 1,000 U.S.-only
Source: https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-risk-black-market-ecosystem.pdf
Just like software-as-a-service (SaaS) provides software on a flexible subscription basis, ransomware-as-a-service (RaaS) offers up wares to criminals using the same model.
Price: As low as $120/month
Skimmer hardware and software combos for surreptitiously embedding into operable ATMs and point-of-sale (PoS) devices in the field are available in a range of shapes and models to match the most common ATM and PoS devices in use today.
Price: $700-$1,500 each
Account checkers are the software engines behind credential-stuffing attacks: they check known good stolen credentials from one site against numerous other sites in the hope that the victim reused passwords across sites. These are bread-and-butter tools for criminals seeking to take over accounts for fraudulent activities. They're frequently rented via a SaaS model.
Price: $60/month for checking 1,000 valid accounts at three financial institutions each
Source: https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-risk-black-market-ecosystem.pdf
In the highly specialized world of cybercriminal activity, it's not always the people who hack accounts through phishing and malicious takeover who also steal money from those accounts. It's too risky for many of them, as it comes with bigger judicial repercussions - which is why there's a whole market just for selling stolen accounts.
Price: 10% of the total credit available in the stolen account
Source: https://www.welivesecurity.com/2019/01/31/cybercrime-black-markets-dark-web-services-and-prices/
Money mules are the "trusted" criminal of the cybercrime ecosystem: the people who accept funds stolen from hacked accounts into their bank account. The money can then be accessed by the crooked "customer," with the mule taking a percentage cut for providing an account to make the handover.
Price: 10% to 20% of the take
Money mules use shell corporations as a front to open business bank accounts that can be used to shift around fraudulently acquired funds. The black market gives them an easy way to establish phony credibility through vetted, ready-made corporate documents and employer identification numbers (EIN) that will pass muster through the financial system.
Price: $800-$1,600
For criminals that don't have connections with a money mule, and don't want to do transfers themselves, a new type of full-service money laundering operation is increasingly popping up on the Dark Web these days. These laundering services will steal from the compromised account and arrange for transfer to a bank account or PayPal or a direct transmission of funds via Western Union for a percentage of the take.
Price: 10% to 12% of transaction value
Owners of large botnets have made a killing for years now renting out their vast infrastructures of compromised machines for distributed denial-of-service (DDoS) attack services. These rentals can be done by the hour, the day, the week, and even the month for longer-term campaigns.
Price: $60/hour, $280/day, $479-$679/week, $2,000/month