The demand for ransomware attacks on dark web skyrocketed in the last year, with the marketplace showing a growth of more than 2,500 percent, according to a new report.

United States-based cybersecurity company Carbon Black published a study titled “the Ransomware Economy” earlier this week that shows ransomware attacks are becoming increasingly more accessible across the dark web and will likely continue to present a threat to users around the world.

To conduct the study, Carbon Black’s researchers scoured the dark web for websites, hacking forums and marketplaces where users can buy and sell cyber attacks, including ransomware and other related services.

The experts at the cybersecurity firm found more than 6,300 destinations online where sellers were offering ransomware services and more than 45,000 advertisements marketing the products to potential buyers looking to launch an attack.

The market for ransomware attacks featured a massive volatility in pricing, with attacks being made available for as little as just $0.50 and as expensive as $3,000. In many cases, the pricing for attacks were flexible, with some charging per target while others use fees charged a monthly or yearly rental fee.

Also involved in the varied pricing model is just what type of service the buyer is purchasing. Ransomware-as-a-Service (RaaS) attacks, in which every aspect of the attack is managed through a single platform—from distribution channels to payment portals and decryptor tools to unlock files—often cost more.

Buyers can also buy more limited services that may provide just one aspect of an attack. Users can purchase individual ransomware strains to build an attack around, for example, and pay significantly less for the payload alone with no surrounding service.

Flexible pricing models may make attacks seem cheap for users but are generating a significant amount of income for attackers. Carbon Black reported some ransomware authors make more than $100,000 per year—well above the average salary for the average software developer, who make about $69,000 per year according to figures from PayScale.com.

Those tempting revenue figures for ransomware authors are driven primarily by the newfound demand for the malicious software. Carbon Black reported ransomware marketplace sales on the dark web.

The year-to-date figures for ransomware sales in 2017 shows total revenue at $6,237,248.90. By comparison, the sales figures from 2016 for ransomware didn’t even crack a quarter of a million, totaling $249,287.05. That marks a total growth in sales of 2,502 percent.

Also on the rise as a result of the marketplace are ransoms extracted from victims who have their machine infected by the attacks. According to the FBI, ransom payments in 2016 totaled about $1 billion, up from just $24 million the year prior. One would expect the figures for 2017 to continue that trend of growth.

2017 has included several of the highest profile ransomware attacks on record, including the WannaCry ransomware that infected more than one million machines in more than 160 countries and the Petya attack that spread to more than 65,000 computers—both of which relied on a stolen exploit from the United States National Security Agency to spread.

RELATED STORIES
Security Cybercrime Ransomware Security