The Malware Business Is Lucrative – As Long As You Don’t Get Caught


Most security reports are pretty dull. They tell the same story. The bad guys can get into almost any system, spend weeks or months there, exfiltrate data and generally run amok. They use social engineering attacks or exploit vulnerabilities to find their way into networks. But the Carbon Black report, released today, focusses on something else – the malware marketplace.

We’ve known for some time that malware production and distribution is a lucrative industry. Carbon Black’s report found a massive increase in the amount of malware being traded on the dark web because there is, simply, a massive demand for it.

They say there are currently 6,300-plus estimated dark web marketplaces selling ransomware, with 45K+ product listings. DIY malware kits sell for as little as $0.50. I can’t even get a discounted chocolate bar at the local supermarket for that! The average price is just over $225.

They say ransomware sales have surpassed $6.2M – up from just over a quarter of a million dollars a year ago. This economy extorts, according to the FBI, ransom payments that totalled about $1B in 2016, up from $24M in 2015.

And if you’re a software developer wondering if you’re making a good living – the study found some sellers of ransomware are making more than $100,000 compared to $69,000 for a legitimate software developer, according to figures from

Ask most security experts why malware is such a major problem and they’ll tell you the same thing – follow the money. Famous United States bank robber Willie Sutton was once asked why he robbed banks. His answer was probably the same as that of today’s malware criminals: that’s where the money is.
