Credentials for unhacked Windows RDP servers are just one of the rising commodities being pawned off by cyber criminals whose dark web antics are becoming more sophisticated every year.
Windows RDP servers can be used by attackers to gain a foothold in a victim's network to subsequently launch ransomware attacks and these are being sold for as little as 16 per server. That's according to a new black market report from Armor.
The proliferation of RDP server credential sales are just one branch in a wider tree of dark web nefariousness; elsewhere, cybercrime as a service is thriving given the relatively low price criminals can pay for such devastating services.
A targeted DDoS attack costs just $60 per hour but ransomware can cost a little more. Of the services listed in the report, prices vary depending on the product.
For instance, a generic copy of ransomware can cost between $225 and $660 while a copy of the Megacortex enterprise ransomware, which has already racked up millions in successful ransoms, can cost upwards of $1,000 plus 10% of the ransom.
If a 'set it and forget it' approach is what you're after, the long-running ransomware as a service (RaaS) Ranion can be run for as little as $120 per month, according to the data taken from English and Russian-speaking forums in the first half of this year.
The industry has been touting the rise of ransomware and RaaS for years now but a sharp rise has been observed in the number of reported cases, specifically in the UK.
Businesses reported a 195% increase this year in ransomware attacks - an attack vector that consistently scores highly in terms of most common threats to enterprises.
Financial fraud is still as prolific as it ever has been on the dark web, but a recent trend has emerged whereby criminals can monetise stolen card details without ever having the money enter their accounts.
Using a transfer service like Western Union, a legitimate service infamous for enabling scams and fraud, a user can send a criminal vendor $800 and receive $10,000 in return, the report reveals.
"For those scammers who don't possess the technical skills and a robust money mule network to monetise online bank account or credit card credentials, this is an offer that can be very attractive," said Chris Hinkley, head of Armor's threat resistance unit.
"The threat actors are still selling financial account and credit card credentials outright, but this clever service gives them an additional channel for monetising the large amounts of financial data available on the underground.
"Plus, they still reduce their risk because ultimately, they are not taking possession of the stolen funds."
Other services include Visa or Mastercard data for as little as $15 dollars (more for additional information such as date of birth) and ATM skimmers from $500.
Amazon gift cards with a $1,000 balance can also be purchased for as little as $100 and changes to credit history cost just $130.
As these services are being peddled on the dark web, it's notoriously difficult to track these criminals through their traffic alone and as their methods get more sophisticated, the battle only becomes more difficult.
"Having this intelligence is key in helping us protect our clients from current and emerging cyber threats," said Hinkley. "And although it feels like a never-ending battle, it is a fight worth fighting."
-
M&S suspends online sales as 'cyber incident' continuesNews Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
-
Warning issued over prolific 'Ghost' ransomware groupNews The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
