Microsoft Reveals the Cost Hackers Pay to Steal Your Data

Posted February 15, 2022

Over the past two years, the world has witnessed a dramatic increase in cybercrime attacks and complexity. The true scope of attacks is largely unknown due to the fact that not all victims publicly release attack data. However, based on reported data, we know that in 2021, Government institutions, education, healthcare, services, technology, and manufacturing were the hardest hit industries. The drastic increase in attacks can be attributed to our shift to work-from-anywhere, geo-political tensions, wide availability of hacking tools, and state-sponsored funding of attacks. As WatchGuard identifies in their 2022 security predictions, groups selling to state-sponsored organizations are mostly responsible for funding much of the sophisticated threats and vulnerabilities targeting mobile devices. With state sponsorship funding attacks and the rise of ransomware as a service, we’ve witnessed attackers treating their attacks as a true business with profit, loss, cash flow, and even marketing / public image. We even saw a hacking group create a fake company, called Boston Secure, to hire legitimate programmers as part of its expansion into ransomware. The recruits were unwittingly employed in real-life cyberattacks under the guise of red team simulations.

Hackers are treating cybercrime as a real business because to them it is, and the earning potentials continue to skyrocket. According to new estimates from Cybersecurity Ventures, ransomware costs are projected to reach $265 billion by 2031. What’s more, they predict, “There will be a new attack every two seconds as ransomware perpetrators progressively refine their malware payloads and related extortion activities.”

Like any business, bad actors have expenses and with the advent of ransomware-as-a-service (RaaS) and hackers for hire, it can be surprising how small the investment can be to steal your data. According to new research from Microsoft, attackers for hire start at only $250 USD per job, and ransomware kits are available for only $66 USD or 30% of the profit. Compromised devices start at 13 cents per PC and 82 cents per mobile device. Spear phishing for hire ranges from $100 to $1,000 USD. Stolen username and password pairs begin at 97 cents per 1000 on average.

Average prices of cybercrime services for sale

Just like the supply chains they attack; hackers have their own supply chains in attack services. These supply chains are sophisticated and mature where specialists create attack kits that attackers buy and incorporate into their campaigns. According to Microsoft, “increased demand for these services, an economy of specialized services has surfaced, and threat actors are increasing automation to drive down their costs and increase scale.”

Attackers are also selling compromised credentials that may have been obtained from phishing, scraping botnet logs or other credential harvesting techniques, imposter domain names, phishing-as-a-service, and customized lead generation by country, industry, or roles.

The good news is that tools, systems, and processes exist to protect your business from attacks. Contact us to learn more.

Kevin Willette

Kevin Willette is Partner / CEO of Verus Corp. His focus is ensuring complete customer satisfaction and providing as much or as little support as is needed for the individual client. Kevin knows that plenty of places do IT services, but what sets Verus Corp apart is the local feeling and the commitment to doing things right the first time. He has always wanted to be a business owner because it affords him the opportunity to offer a service that was better than anything clients had seen before. His true goal is to help customers make their businesses better by removing potential IT barriers. Kevin served as chair for Habitat for Humanity during his time at Minnesota State University, Mankato. He has also served on the WatchGuard Advisory Council since 2016. Kevin’s work with Verus Corp has helped them achieve awards as the WatchGuard Partner of the Year and Cisco Select Partner. Kevin graduated from Minnesota State in 2000 with a major in Business Marketing and minors in Business Administration and Music.