This story is over 5 years old.

Ker-Ching: One Group of Hackers Was Apparently Making $30 Million a Year

That’s a serious payday.
It's Angler, get it? Image: Shutterstock

Even the biggest fish in cybercrime have to raise their eyebrows at this one: Security researchers say they've found proof that a hacker or group of hackers is making $30 million a year from their operation.

Cybersecurity company Cisco announced today that had traced use of the Angler exploit kit, a notoriously effective and popular tool for hacking into computers, to servers belonging to hosting provider Limestone Networks. After some more digging, joined by researchers from Level 3 Threat Research Labs and OpenDNS, Cisco's researchers estimated that one hacker or group of hackers using these servers are targeting up to 90,000 victims a day.


Cisco got to the $30 million figure by building on a few other estimates:

  • The average life of an Angler server is 24 hours.
  • They worked out that there were likely around 3600 compromised users per day.
  • Most users are targeted by ransomware, and on average have to pay $300 to the hackers.

In all, they tally up this particular actor's winnings to an annual revenue of more than $34 million. Again, it's worth remembering that these figures are only Cisco's estimates, and there is no way to immediately independently verify their results. Indeed, Cisco note that "It is difficult to be 100% accurate with these numbers."

They also claim that this hacker or group likely makes up 50 percent of all Angler activity, meaning that, supposedly, the Angler exploit kit might be bringing in around $60 million a year for hackers around the world.

Limestone Networks have apparently shut down the offending servers.

After first emerging in late 2013, Angler has become one of the most popular exploit kits around. Essentially it's a neat package of hacking tools designed to break into targets' systems as efficiently as possible, by taking advantage of vulnerabilities in Flash, Java and other pieces of software.

Another Cisco report claimed that 40 percent of users worldwide who encounter an Angler exploit kit end up getting compromised.

Last month it was used as part of a malvertising campaign on Forbes, where some site visitors were automatically redirected to a page that hit their computers with Angler. It has also been used to infect point-of-sale systems, as well as deliver crafty ransomware.

It's unclear how effective this episode will be at curbing the popularity of Angler: setting up proxy servers is not an arduous task for cybercriminals. Regardless, what this research shows is that despite the myriad cybersecurity companies hunting for targets, and law enforcement agencies continuing to team up with them, digital crime continues to be a seriously profitable business.