The cost of a hacker attack using an encryption virus at the beginning of 2025 is on average $20 thousand, Vedomosti writes, citing data from Positive Technologies, based on an analysis of more than 20 thousand advertisements on 40 sites – large shadow forums, markets and Telegram. channels.
Image source: Hack Capital/unsplash.com
An attack on a target takes place in several stages, including collecting data about the company, renting or preparing infrastructure, purchasing the necessary tools, gaining access to the infrastructure and securing a foothold in it. If successful, attackers can receive $100–130 thousand in net profit, Positive Technologies estimates. In this case, the victim of the attack may face colossal financial damage as a result of disruption of business processes. For example, in 2024, due to a ransomware attack, the servers of the American company CDK Global were down for two weeks. To unblock them, the company paid cybercriminals $25 million, while due to downtime it lost more than $600 million.
Malware is one of the main tools in the arsenal of attackers, according to a study by Positive Technologies. 19% of ads on shady forums and sites offer information stealers designed to steal data, with a median cost of $70. 17% of the total number of advertisements offer cryptors and code obfuscation tools that allow one to hide from security measures at an average price of $400, and 16% offer downloaders costing around $500. Exploits are also very popular, the cost of which in 31% of cases ranges from $20 thousand to several million dollars. Among cybercrime services, resource hacking is the most popular (49% of reports). The rate for compromising a personal email account starts at $100, and for a corporate account at $200.
The price of malware depends on the technologies used and the reputation of the seller, said Positive Technologies analytical research analyst Dmitry Streltsov. “Tools that exploit zero-day vulnerabilities can cost millions of dollars, while malware based on known vulnerabilities costs much less,” he explained, adding that most tools are offered as a subscription for a specific period, such as a week, month or year.
According to the expert, the most expensive type of malware is ransomware, with a median cost of $7.5 thousand to $320 thousand. The high cost is explained by the complexity of development and high efficiency: it quickly spreads in a compromised infrastructure, is well camouflaged and can remove traces of an attack.
Attacks can be more multi-level and repeated, which is why the cost of preparation can be much more than $20 thousand, says Anton Averyanov, CEO of the ST IT group of companies, TechNet NTI market expert. At the same time, success depends more on the quality of preparation and the chosen goal than on the amount of investment, says Yaroslav Seliverstov, head of the research department in the field of AI of the directorate for the development and development of the digital platform of University 2035.
Experts note a noticeable increase in the cost of carrying out attacks over the past two to three years, which is associated with an increase in their complexity, as well as the introduction of protective measures by companies. Prices are also rising due to the rising cost of professional hackers and the rising costs of exploiting vulnerabilities and bypassing security. In addition, this process is affected by inflation.