The Hackers’ Bounty: How Much Do Cybercriminals Make From Innocent Users?

By   ISBuzz Team
Writer , Information Security Buzz | Nov 27, 2014 05:05 pm PST

Cybercriminals could be raking in profits 20 times greater than the cost of their attacks, according to figures compiled by Kaspersky Lab experts. Their research compared the cost of the most frequently used hacker tools with the money stolen in a successful malicious operation.

“Buying malware is currently not a problem: it’s easy to find them on various hacker forums, and they are relatively cheap, making them attractive. A cybercriminal following this illegal path doesn’t even need any skills – for a fixed price, they can get an off-the-peg package to launch their attacks at will. As a result, users need to be especially careful to ensure they don’t lose their money or data. They should also protect their devices and all online operations performed on them using a specialised solution such as Kaspersky Internet Security – Multi-Device,” says Alexander Gostev, Chief Security Expert at Kaspersky Lab.

Featured Download: Social media access at work. Do your employees know the rules?

For example, to create a phishing page that mimics a popular social network site as well as a spam mailing list that links victims to the fake site currently costs an average of $150. However, if cybercriminals catch 100 people, they can get up to $10,000 by selling sensitive data. The victims, in turn, lose their valuable contacts, personal photos, and messages.

A mobile Trojan blocker is significantly more expensive – today it costs $1000 on average to buy and distribute the malware. However, it means the “payoff” itself is also much higher. The prices that the attackers set for unblocking a smartphone vary from $10 to $200, which means that from 100 potential victims they can get up to $20,000.

The same sum can be earned through the use of encrypting ransomware, but the “initial investment” is twice as high – about $2,000. As expected, the victims’ losses are considerably more damaging because the minimum sum requested by the fraudsters for decrypting the data is usually $100.

To really hit the jackpot, fraudsters look for banking Trojans that target money directly. After spending approximately $3,000 on the exploit kit and a spam mailing list to spread the virus, cybercriminals could scoop up to $72,000. The average loss of an individual victim is $722.

About Kaspersky Lab

Kaspersky LabKaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x