The Thriving Underground Economy and How It’s Increasing Hacker Capabilities

The spread of ransomware has reached unprecedented levels; every few days, there are headlines about new attacks crippling major companies or organizations. Some of these attacks have resulted in 8 figure ransoms, but the damage caused by downtime and data leaks is much larger than losses to ransoms. 

A lot of the profits hackers are raking in get reinvested in enhancing their capability. All of this cash is driving the growth of an increasingly advanced and sophisticated underground economy, and with it, an expansion in hacker capabilities. 


Ransomware-as-a-Service (RaaS) refers to a business model where specialized software developers ‘license out’ software to hackers in exchange for a percentage of any ransom payments made. Typically, the RaaS outfit will take a smaller percentage in the range of 20-30%, while the hackers who actually break into a network take the rest. 

RaaS operations offer their partners a full range of services, including tech support and customer service. RaaS operators will also conduct recruiting campaigns to search for top talent and offer bonuses for high performing partners.

Some ransomware gangs, such as the DarkSide gang behind the Colonial Pipeline attack, operate like major corporations with public relations and human resources departments.

This level of specialization allows dedicated teams to work full time on circumventing the latest antivirus software in order to avoid detection.

Data Auction Houses

Also invigorating hackers is the ability to auction off stolen data. When hackers break into a system, even if they can’t intimidate the victims into paying a ransom, they can steal sensitive data and threaten to release it unless a ransom is paid.

In some cases, data may be valuable enough to sell in its own right. In other cases, releasing it can cause legal problems for their victims. Many times, it can be cheaper to pay a ransom than to deal with the headaches of reporting a data leak and compensating users.

Silicon Valley for Ransomware

What do you do when you make so much money with ransomware hacks that you don’t know what to do with it all? Invest it in developing more ransomware! 

So much money has entered the ransomware space that it has now developed its own venture capital ecosystem. As with conventional venture capital investments, proposals come complete with profiles of the developers and their past accomplishments— in this case, notable hacks. 

This allows investors to hedge their bets by investing in multiple hacking operations and provides programs to a ready supply of capital to cover operational expenses like hiring, server costs, and other expenses.


As with any industry, ransomware industry leaders are attempting to spur innovation in the space. A Russian language hacking forum recently organized a competition for technical papers on how to hack cryptocurrency wallets, with more than $100,000 in prizes. 

Sharing Infrastructure

There are also signs that major ransomware gangs are joining together to share essential infrastructure. For example, some gangs share a data leak site, and they also pool data on zero day vulnerabilities and software exploits.

The Threat Landscape is Getting More Crowded

There are more opportunities for hackers to make money than ever before. What is currently happening on the dark web is akin to what happened with the internet in the early 2000’s— software is becoming more streamlined and user friendly, so the barriers to entry for aspiring cyber criminals are lower than ever.

As a result, the range of threats facing digital infrastructure worldwide is bigger and more diverse than ever. Unprecedented funding levels mean that an arms race between cybersecurity developers and hackers is intensifying, with both sides struggling to stay ahead of each other. 

In order to counter this threat, there will probably have to be a major escalation in capabilities within the cybersecurity community. Between 2019 and 2020 cyberattacks more than tripled, and cybersecurity budgets are growing in response. 

Cybersecurity professionals alone can’t carry this whole burden, however. A growing number of attacks depend on social engineering attacks like phishing. Preventing these kinds of attacks will require stronger general cybersecurity awareness by everyone interacting with IT systems.

As technology becomes an increasingly important part of our lives and the way we do business, we need a fundamental shift in the way we think about cybersecurity to counter the growing threat from bad actors. 

Print Friendly, PDF & Email
Security Consultant | Website

Jeff Stout is a cybersecurity consultant. His work brings him into contact with ransomware and ransomware hackers on a daily basis.

Leave a Reply

Your email address will not be published. Required fields are marked *