Security Experts:

Connect with us

Hi, what are you looking for?


Cyber Insurance

Cybercriminals Promise Millions to Skilled Black Hats: Report

Cybercriminals say they are willing to pay over a million dollars per year to individuals with network management, penetration testing, and programming skills willing to put on a black hat, a new Digital Shadows report reveals. 

Cybercriminals say they are willing to pay over a million dollars per year to individuals with network management, penetration testing, and programming skills willing to put on a black hat, a new Digital Shadows report reveals. 

Posts on Dark Web forums reveal that one threat actor is willing to pay in excess of $64,000 per month ($768,000 per year) to skilled individuals willing to help them conduct nefarious operations. The salary would go up to $90,000 per month ($1,080,000 per year) for the second year. 

Cybercrime groups looking for accomplices who can help them extort money from high-worth individuals, including company executives, lawyers and doctors, promise monthly pays starting at $30,000 per month ($360,000 per year), Digital Shadows notes in their report.

“In the past, cybercriminals were restrained by money laundering difficulties in the cyber space, but with the rise of cryptocurrencies virtually any illicit income of any size can be legalized without legal ramifications. Highly competitive salaries and other forms of remuneration in cybergangs are, however, widely spread and have been for a while already,” High-Tech Bridge CEO Ilia Kolochenko told SecurityWeek in an emailed comment. 

“These numbers also undermine the long term sustainability of commercially-motivated bug bounties. We will likely see a decline of skilled people involved in crowd security testing as they can either find a highly competitive salary in the industry, or alternatively shift to the dark side. At least their primary motivator will not be money,” Kolochenko also noted. 

For those interested in working alone, blackmail and extortion guides are available on underground forums for less than $10. Stolen credentials, admin panels, network and website access, and sensitive documentation can also be purchased on underground marketplaces. 

Extortion attempts take many forms, ranging from threatening to expose sensitive information about the victim to holding their data for ransom. One of the most popular types of activity is sextortion, where cybercriminals claim to have evidence of the victim having an affair and threaten to publicly expose them.

Digital Shadows says it observed a sample of sextortion campaigns targeting over 89,000 unique recipients with 792,000 extortion attempts from July 2018 to February 2019. The attackers could be reaping an average of $540 per victim, the report says.

The extortionist usually provides the victim with a known password that serves as “proof” of compromise, claims to have compromising evidence, and urges the victim to pay a ransom to a specified Bitcoin (BTC) address. In some cases, the criminal claims the recipient will be “killed” unless a Bitcoin demand is paid.

“Extortion is in part being fuelled by the amount of ready-made extortion material readily available on criminal forums. These are lowering the barriers to entry for wannabe criminals with sensitive corporate documents, intellectual property, and extortion manuals being sold on by more experienced criminals to service aspiring extortionists,” Digital Shadows notes. 

One extortion attempt that caught attention not long ago involved the hacking group The Dark Overlord, which attempted to sell hundreds of thousands of documents belonging to British insurance company Hiscox. Among these, the hackers claimed to have tens of thousands of documents related to the September 11 terrorist attacks.

Related: Hackers Attempt to Sell Stolen 9/11 Documents

Related: Dark Web Chatter Helpful in Predicting Real World Hacks, Firm Says

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...