Diverse offerings

How much does a botnet cost on the dark web?

Networks of devices infected with malware that can be used for cyberattacks – according to a recent analysis by Kaspersky experts, are available on the dark web starting from 99 US dollars.

The illegal market offer is diverse: Prices can rise up to 10,000 US dollars depending on the quality of the respective botnet offered. In some cases, the development of custom botnets is possible. These specially adapted botnets have specific infection processes, malware types, infrastructure, and evasion techniques. The costs for these start at 3,000 US dollars and are not limited to a specific price range. In addition to one-time purchases, botnets can also be rented or acquired as leaked source code for a symbolic price. Prices range from 30 to 4,800 dollars per month or 10 to 50 US dollars for leaked botnet source codes. Since the beginning of 2024, Kaspersky experts have observed more than 20 offers for botnets for rent or sale in dark web forums and Telegram channels. Alisa Kulishenko, security expert at Kaspersky Digital Footprint Intelligence, comments:


“Mirai is probably the most notorious example of a botnet. It scans the internet for IoT devices with weak default passwords and uses a series of known default credentials to gain access and infect them. The infected devices then become part of the botnet, which can be remotely controlled to carry out various types of cyberattacks. The potential revenue from attacks using purchased or rented botnets is often very worthwhile for cybercriminals. These botnets enable, for example, illegal crypto mining or ransomware attacks; in the latter case, the average ransom payments amount to two million US dollars. Most of these illegal transactions on the dark web are conducted privately, via personal messages, and ‘partners’ are usually selected based on their reputation, for example, based on forum ratings.”

How to prevent your own devices from becoming part of a botnet

  • Ensure that the current version of firmware is used on devices and regular updates are performed.
  • Disable remote access to the device unless it is really needed.
  • Configure remote access via a VPN channel. For example, an IPSec protocol can be used for this.
  • Use a unique and strong password for all devices and services and change default passwords.
  • Use a reliable security solution that protects devices and your own digital privacy.


Weitere Artikel