Cybercriminals have started exploiting vulnerabilities on a regular basis, especially zero-days. This trend was typically associated with nation-states in the past. However, following the growing dominance of ransomware attacks, it is no longer a big deal for a successful ransomware group to get involved in this game.

New buyers for zero-day flaws

A recent analysis made by researchers from Digital Shadows indicates that an increasing amount of chatter has been observed on dark web message boards regarding the criminal market for zero-day vulnerabilities.
  • Zero-day vulnerabilities may often cost millions of dollars. Therefore, this expensive and competitive criminal market has so far been considered exclusive to well-financed nation-state threat groups.
  • However, with the recent growth of several ransomware attacks, several high-profile cybercriminal groups have apparently amassed lots of money.
  • These self-financed groups are now competing with traditional buyers of zero-day exploits.


Along with selling zero-day vulnerabilities on underground forums, there is another way to make money from vulnerabilities, which has led to faster adoption of critical exploits by ransomware operators and cybercriminals. 
  • A new Exploit-as-a-Service (EaaS) is now available to less sophisticated cybercriminals.
  • In this method, the cybercriminals who discovered the vulnerability can lease it out to others. This approach allows them to earn money faster than the typical process of selling the exploits for a hefty sum in the market.
  • Selling an exploit may take a long time, and for that time the flow of money continues. The EaaS model generates good and regular earnings by renting the zero-day out while waiting for a buyer.
  • Additionally, they offer an option to sell the zero-day if the users are tired of leasing it.  Therefore, attackers can test the proposed zero-day via lease and then decide to buy it.


Ransomware groups are now earning a lot of money and buying zero-days that cost millions of dollars. Moreover, the increase in adoption of EaaS has resulted in easy access for everyone to critical vulnerabilities. This further indicates how the cybercrime environment is evolving and becoming more sophisticated and yet easily accessible for cybercriminals.

Cyware Publisher