What Is Sold (and at What Price) on the Black Market Now
A key part of security efforts is determining the value of information and goods on the black market in order to better gauge the risks for certain types of data. Two reports, one from Armor and another from IntSights, reveal what’s being sold on the black market and for how much in U.S. dollars.
The usual fare sold on the black market consists of the expected bank account credentials, credit card numbers, full identity packets for $40, and DDoS and spamming services. But Armor’s Threat Resistance Unit (TRU) research team took inventory on 12 different dark marketplaces under the Black Market umbrella to see what else was there.
They found some surprises on both English-speaking and Russian-speaking marketplaces. Among the unexpected were a service to erase a foreclosure from your credit report for $150, and another to have your competitor’s website taken offline for $60 an hour. Other surprises, the researchers said, included cash for pennies on the dollar, login credentials for unhacked Windows servers for use with Remote Desktop Protocol (RDP), and articles of incorporation.
Credentials for unhacked Windows RDP servers, a common point of entry for ransomware, start at $20 each. But criminals appear to be rapidly adjusting their business models to increase their earnings. Ryuk ransomware, which aims to steal confidential financial, military, and law enforcement files, is a prime example.

StealthBits’ Jeff Warren
“The most interesting thing to take away from this [Ryuk] malware is the simplicity in the techniques it leverages for identifying sensitive files; unfortunately, these techniques are likely to be highly successful,” said Jeff Warren, general manager of products at STEALTHbits Technologies.
“With nothing more than comparing file names to a list of 77 strings, the malware is able to identify and exfiltrate sensitive information. Without basic protections like encryption on these sensitive files, they are left completely exposed to anybody who is able to exfiltrate them. Moreover, the malware uses basic scanning to identify and mount additional shared folders, so anywhere a user has access is left completely vulnerable to these types of attacks,” Warren added.
Cybercriminals also are selling articles of incorporation and sole proprietorship papers to aid buyers in applying for an Employer Identification Number (EIN) and open a business bank account.
“A business bank account allows a criminal to move larger amounts of money in and out of the account, making it less likely that the bank’s fraud alerts will be triggered,” according to the Armor report.
Further, for a mere $800 in Bitcoin, a buyer can get $10,000 transferred to a bank account of their choice or wired to them via Western Union. This is the stuff of a perfect money-laundering or money-theft scheme.

Armor’s Chris Hinkley
“For those scammers who don’t possess the technical skills and a robust money mule network to monetize online bank account or credit card credentials, this is an offer that can be very attractive,” said Chris Hinkley, head of Armor’s TRU Team.
The threat actors are still selling financial account and credit card credentials outright, Hinkley added, “but this clever service gives them an additional channel for monetizing the large amounts of financial data available on the underground. Plus, they still reduce their risk because ultimately, they are not taking possession of the stolen funds.”
The IntSights research team focused more on the Black Market value of digital browser identities, which can consist of …
- Page 1
- Page 2