How Much Do Hackers Spend and Earn? A Deep Dive into Cybercrime Economics

This article, compiled from efficient operations experts, examines the costs and revenues of typical hacker operations, detailing expenses for tools, services, and the profitability of various malicious "weapons".

How Much Does a Typical Hacker Attack Cost?

Launching an attack requires preparation and procurement of resources. Typical monthly expenses include:

Paid channel subscription: $3,000 per month Escape detection service: $20 (one‑time) + $30 per day ≈ $600 per month Attack toolkit: $500 per month Traffic purchase: $300 per day × 6 days = $1,800 per month Total: $5,900 per month

How Much Can a Hacker Earn in a Month?

Assuming a conservative estimate based on observed data, an average of 20,000 users click malicious links daily, with a 10% infection rate and a 0.5% ransom payment rate. This yields roughly $3,000 daily revenue, or $90,000 per month, resulting in a net profit of about $84,100 after expenses.

Daily clicks: 20,000 Success rate: 10% Ransom payment rate: 0.5% Daily income: 20,000 × 10% × 0.5% × $300 ≈ $3,000 Monthly income: $90,000 Net income: $90,000 – $5,900 = $84,100

Weapon 1: Malicious Digital Certificate Signing Service

Digital certificates, issued by trusted Certificate Authorities (CAs), normally verify the identity of communication parties. Some malicious services sell signed certificates that reduce detection rates by 80%. One such service offers signatures from Thawte and Comodo for $600 per executable.

Weapon 2: Fake Antivirus (Rogue AV)

Fake antivirus software mimics legitimate security products, displaying fraudulent infection warnings to coerce victims into paying for a license, typically $70 per license. Such schemes can generate hundreds of thousands of dollars annually, often maintained by a small group of hackers.

Weapon 3: Abuse of IP Reputation Databases

IP reputation services help filter malicious traffic, but hackers can purchase lists of “honeypot” IPs from FBI and security vendors to evade detection. Access to these lists lowers the chance of being caught.

Weapon 4: Web Shells – Keys to Illegal Website Control

Web shells allow attackers to gain full control over poorly managed websites, enabling data theft, file uploads, and the insertion of malicious links. Prices for web shells often include target site metrics such as Alexa rank and visitor count.

Weapon 5: User Data Trading

Personal data, especially payment‑related credit card information, is highly valuable. Hackers sell compromised accounts on underground forums, pricing a $100,000‑balance account at $10. Dedicated marketplaces list thousands of credit‑card records, often accepting Bitcoin payments.

Understanding these illicit tools and revenue streams highlights why cybercrime remains pervasive and underscores the importance of robust security awareness and defensive measures.