The average ransom is up to $2 million, while renting a botnet to attack the network only costs a small fee.
Botnets, or networks of malware-infected technology devices, from smart electric toothbrushes to industrial network devices, can be exploited by cybercriminals to launch a series of automated attacks, such as DDoS.
An example of a botnet for sale on the black market.
Mirai is one of the most prominent examples of a botnet attack, according to Alisa Kulishenko, a security analyst at Kaspersky Digital Footprint Intelligence. The malware works by scanning the Internet for IoT devices with weak passwords, then using available credentials to access and infect these devices. The infected devices become part of the botnet, and cybercriminals can launch cyberattacks.
Botnets like Mirai are often customized by attackers for sale to the public. Like other “goods” sold on the black market, their prices depend on their quality. This year, the lowest botnet cost $99, while more complex networks can cost as much as $10,000, Kaspersky said.
In addition to “buying and selling,” botnets are also available for rent, with prices ranging from $30 to $4,800 per month. “It is estimated that the profits from these attacks can far exceed the cost of renting or buying a botnet. Cybercriminals can use botnets for cryptocurrency mining, ransomware attacks, and many other illegal activities,” Alisa Kulishenko revealed.
Open source companies report that the average ransom is as high as $2 million, he said. Meanwhile, renting a botnet costs a small fee and only requires one successful attack to pay back.
In addition to buying off-the-shelf botnets, attackers have cheaper ways to acquire these networks. Similar to leaked data, botnet source code can also be leaked online. Based on an analysis of 400 posts on darknet markets and Telegram since the beginning of 2024, Kaspersky found that cybercriminals can access the leaked source code for free or pay between $10 and $50. However, botnets obtained from leaked sources are often the choice of less experienced attackers, as they are easily detected by security solutions.
Watch More Image Part 2 >>>