Dark-Net Ransomware Economy: How the Dark-Web Fueled the Popularity of Ransomware


All cybersecurity experts agree on one thing. The ransomware trade has gone a tremendous revolutionary change. Huge part of that is associated with the widespread adoption of the dark-net. Tools are easily sold all over dark web markets allowing users to easily carry out large attacks. This, alongside with cryptocurrencies has empowered users to find a steady revenue stream.

About Ransomware

As the name implies, ransomware is a type of malware that hold people at ransom. The way it achieves that is by encrypting user files. In order for a user to decrypt his files, a 'ransom' has to be paid. Ransomware has rapidly evolved in the past decade. Latest ransom even allows the attacker to negotiate prices with the victim. This is done through a chat. Ransomware can be very costly and dangerous. Many found out the true potential of ransomware after the large WannaCry ransom.

Ransomware as a Service

Ransomware as a service is the latest innovation in the space. Threat actors that develop ransomware as a service do not have to distribute it. They simply develop and maintain the malware. Other users can buy the service and it is up to them to spread the virus. The developer then takes a cut from the earning.

This affiliate style idea allows both parties to win. One party gets a constantly maintained program that will always work while the other party gets a cut. Typically the profits are split by the two depending on what particular terms both parties agreed on.

Typically, ransomware as a service is a subscription. It is similar to legitimate services like Netflix or Spotify. The underground world of the dark web is taking ideas from the real economy and adapting them. This essentially point to the fact that a big underground economy is being established. Big hacking networks can bring millions of dollars in ransom from all around the world.

Huge Economic Growth

Ransomware as a service might sound good to some threat actors, but for most it's a nightmare. This idea leaves a trail of destruction as it evolved. Users are forced to pay huge amounts in cryptocurrency in order to get their data back. The fact that both parties take cuts can also be attributed to the higher costs.

A Cybersecurity firm focusing on endpoint security released a report in 2017. The Carbon Black report details the status of the dark-net when it comes to the ransomware. The report claims that the dark-net ransomware economy is thriving. The report includes statistical projections showing how the ransomware economy is meant to play out in the future.

Analyzing the Ransomware Economy

The paper found that the ransomware economy is growing at a tremendous rate. A 2,500% growth has been recorded year after year for the past decade. The findings are really interesting and are very important when it comes to estimating future growth.

The report also mentioned the huge number of ransomware markets on the dark-web. Over 6,000 marketplaces dealing ransomware exist on the dark-net at the time of writing this article. In total, over 45,000 related listings have been discovered on dark-net platforms.

The study also made sure to look into other pieces of the ransomware sector. The strategies employed in dark-net platforms have also been examined. It appeared that diy ransomware prices appeared to cost anywhere from $0.5 to $3,000 USD. The average price of ransomware was at about $10.50. This price is shockingly low considering the amount of damage such malware causes. One victim can earn criminals anywhere from $50 to $2,000 depending on how important the data is.

The study also made sure to compare the price across multiple years. The cybersecurity firm discovered that huge growth was present in ransomware sales. From 2016 to 2017 the number of sales increased by 2,500 percent. In currency, that also translates to huge amounts. In 2016, over $240,000 was earned from ransomware sales. That number jumped to over 6 million in 2017.

The statistics from the study are not that surprising. US authorities have estimated that threat actors gained $1 billion in 2016. As it turns out, a large number of ransomware vendors earn over $100,000 annually. This is achieved just through the sales of ransomware and not the ransom itself.

Another significant discovery also points to the huge growth of the ransomware sector. A large number of vendors opt to specialize in a specific part of the ransomware supply chain. This specialization in different sectors of the chain is a part of large economic growth. This specialization enables the human capital required for rapid economic expansion and development.

Additional Notes by Carbon Black

Rick McElroy, a security strategist at at Carbon Black was reflecting on the findings. Rick urged agencies to acknowledge the power yielded by such ransomware developers. They enable normal every day people to put hundreds of people and organizations at risk. He then intimated the danger of such malware and how it can disrupt daily live. This is part of the reason such attacks have been successful for years and yielded huge revenue.

The ransomware expert stated that the sellers of such software are not petty criminals. He referred to them as a force with black market trade taking advantage of the rapidly growing illicit market. Many of them are not interested in profiting from such attacks but just want to make an income.


Just like many other cyber-crimes, ransomware growth has only been fueled by the existence of the dark web. Ransomware has never been so accessible and easy to use. Anyone can go out and buy ransomware for his own profits. Such practices are highly illegal and we discourage them. The ransomware economy has grown tremendously over the last few years. Millions have been made just from the sale of such malware. The amount gained from ransom itself must be much larger than that number.