Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


Cyber Insurance

Cybercriminals Promise Millions to Skilled Black Hats: Report

Cybercriminals say they are willing to pay over a million dollars per year to individuals with network management, penetration testing, and programming skills willing to put on a black hat, a new Digital Shadows report reveals. 

Cybercriminals say they are willing to pay over a million dollars per year to individuals with network management, penetration testing, and programming skills willing to put on a black hat, a new Digital Shadows report reveals. 

Posts on Dark Web forums reveal that one threat actor is willing to pay in excess of $64,000 per month ($768,000 per year) to skilled individuals willing to help them conduct nefarious operations. The salary would go up to $90,000 per month ($1,080,000 per year) for the second year. 

Cybercrime groups looking for accomplices who can help them extort money from high-worth individuals, including company executives, lawyers and doctors, promise monthly pays starting at $30,000 per month ($360,000 per year), Digital Shadows notes in their report.

“In the past, cybercriminals were restrained by money laundering difficulties in the cyber space, but with the rise of cryptocurrencies virtually any illicit income of any size can be legalized without legal ramifications. Highly competitive salaries and other forms of remuneration in cybergangs are, however, widely spread and have been for a while already,” High-Tech Bridge CEO Ilia Kolochenko told SecurityWeek in an emailed comment. 

“These numbers also undermine the long term sustainability of commercially-motivated bug bounties. We will likely see a decline of skilled people involved in crowd security testing as they can either find a highly competitive salary in the industry, or alternatively shift to the dark side. At least their primary motivator will not be money,” Kolochenko also noted. 

For those interested in working alone, blackmail and extortion guides are available on underground forums for less than $10. Stolen credentials, admin panels, network and website access, and sensitive documentation can also be purchased on underground marketplaces. 

Extortion attempts take many forms, ranging from threatening to expose sensitive information about the victim to holding their data for ransom. One of the most popular types of activity is sextortion, where cybercriminals claim to have evidence of the victim having an affair and threaten to publicly expose them.

Digital Shadows says it observed a sample of sextortion campaigns targeting over 89,000 unique recipients with 792,000 extortion attempts from July 2018 to February 2019. The attackers could be reaping an average of $540 per victim, the report says.

Advertisement. Scroll to continue reading.

The extortionist usually provides the victim with a known password that serves as “proof” of compromise, claims to have compromising evidence, and urges the victim to pay a ransom to a specified Bitcoin (BTC) address. In some cases, the criminal claims the recipient will be “killed” unless a Bitcoin demand is paid.

“Extortion is in part being fuelled by the amount of ready-made extortion material readily available on criminal forums. These are lowering the barriers to entry for wannabe criminals with sensitive corporate documents, intellectual property, and extortion manuals being sold on by more experienced criminals to service aspiring extortionists,” Digital Shadows notes. 

One extortion attempt that caught attention not long ago involved the hacking group The Dark Overlord, which attempted to sell hundreds of thousands of documents belonging to British insurance company Hiscox. Among these, the hackers claimed to have tens of thousands of documents related to the September 11 terrorist attacks.

Related: Hackers Attempt to Sell Stolen 9/11 Documents

Related: Dark Web Chatter Helpful in Predicting Real World Hacks, Firm Says

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights