Cybercriminals sell access to businesses over the dark web for as little as $ 2000

Utrecht, 16 June 2022 – With the advent of the cybercrime-as-a-service revenue model, the information needed to organize an attack is in demand among cybercriminals. Kaspersky experts analyzed nearly 200 messages on the dark web that offered to purchase information for initial access to company forums. The average cost of accessing large corporate systems is between $ 2,000 and $ 4,000 ($ 1,900 and $ 3,800), which is relatively inexpensive compared to the potential harm to the targeted companies. Such services are of great importance to ransomware operators whose profits can reach as much as $ 40 million (€ 38 million) per year. These and other results can be found in the new Kaspersky report ‘How much does access to the company’s infrastructure cost?’

Kaspersky’s research shows that the dark web is not only in high demand for data obtained through an attack, but also for the data and services needed to stage an attack. Once an attacker gains access to an organization’s infrastructure, they can sell that access to other sophisticated cybercriminals, such as ransomware operators. Such attacks lead to significant financial losses and damage to the reputation of affected organizations. Both SMEs and large companies are the target of these attacks.

Kaspersky experts analyzed nearly 200 messages on the dark web that offered to buy the information for initial access to corporate forums, with the aim of uncovering the key types of company data sold, as well as the criteria cybercriminals use to price the data. organization. Most messages (75%) sold RDP (Remote Desktop) access. Provides access to an externally hosted desktop or application. Cybercriminals can connect to it, access it, and manage data and resources through a remote host, just as if a company’s employees managed the data locally.

Initial admission prices vary widely, from a few hundred dollars to hundreds of thousands. Not surprisingly, the most important factor for the high prices of the analyzed offers is the potential victim’s earnings – the price grows with the earnings. Prices can also vary depending on the company’s industry and the region in which it operates.

The correlation between the cost of network access data and a company’s revenue

Access to large enterprise infrastructures usually costs between $ 2,000 and $ 4,000 ($ 1,900 – $ 3,800), which are relatively modest prices. But there is also no maximum cost. Data from a company with a turnover of $ 465 million (€ 443 million) is for sale for $ 50,000 (over $ 47,500).

An example of a sales offer of data for remote access to five companies in one network for $ 50,000

Without a doubt, one of the most important components of the initial access price is the amount of money that the buyer can potentially earn on an attack by using this access. Ransomware operators are willing to pay thousands, if not tens of thousands, for the ability to infiltrate a corporate network. These often cost the target company millions of dollars. The most productive players in the past year have potentially received $ 5.2 billion (almost $ 5 million) in remittances over the past three years.

Cybercriminals not only encrypt company data, but also steal it. Later, they may post some of the stolen data on their blogs – primarily as evidence, but also as additional leverage – and threaten to publish more data unless the company pays them the money they require within a certain time frame.

“The cybercrime community has evolved, not only from a technical point of view, but also from an organizational point of view. Today, ransomware groups look more like real industries with services and products for sale. We are constantly monitoring darknet forums to detect new trends and tactics from the cybercriminal underground.We have seen the growing market of data needed to stage an attack.Gaining insight into dark web resources is essential for companies looking to enrich threat intelligence.Timely information on planned attacks, discussions on vulnerabilities and successful data breaches will help reduce the attack surface and take appropriate action, ”said Sergey Shcherbel, a security expert at Kaspersky.

The introduced dark web search in the Kaspersky Threat Intelligence portal provides access to insights from a number of validated sources worldwide, enabling companies to mitigate the impact of cyber attacks and identify potential threats before they become incidents.

More information:
On June 21, Yuliya Novikova and Sergey Shcherbel, security experts at Kaspersky, will shed light on how a company’s data and system information are sold in darknet markets during a webinar. Sign up for free here.
– Read the full report on dark markets for business data on

About Kaspersky
Kaspersky was founded in 1977 and is active worldwide in cybersecurity and digital privacy. Kaspersky’s threat intelligence and security expertise is continually transformed into innovative security solutions and services to protect businesses, critical infrastructures, governments and consumers worldwide. The company’s comprehensive security portfolio includes industry-leading endpoint security and a range of specialized security solutions and services to combat advanced digital threats. More than 400 million users and 240,000 business users are protected by Kaspersky technologies. For more information, visit

This article is a submitted message and is not the responsibility of the editors.

Leave a Comment