During 2024, the average price of stolen databases belonging to Russian organizations settled near 450 USD. A study covering the latter half of the year analyzed 3,500 sales bids posted on underground platforms that trade in compromised data. The findings offer North American readers, including those in Canada and the United States, a clearer view of how these markets price data assets and the ongoing risk they pose to real-world businesses in the region. The report draws on publicly visible listings compiled by security researchers who monitor this illicit marketplace landscape.
Positive Technologies notes that it did not specify which ads were tied specifically to Russian leaks within the dataset. Still, the global picture shows a price discipline: about 55 percent of bids are under 1,000 USD, while roughly 6 percent command prices above 10,000 USD. In other words, the market tends to trade smaller bundles more often, with a minority of high-value offers attracting significant attention, especially for buyers in North America who weigh the potential impact on their own networks.
According to the data, the most expensive Russian data mass offered on Darknet marketplaces during 2024 was about 3,000 USD. In some cases price can be negotiated, and final costs may rise after discussions with buyers. Pricing hinges on multiple variables, including the data’s uniqueness, its type and relevance, the base size, and the importance of the owning company to the buyer. This dynamic structure helps explain why even modest data collections can fetch different quotes in different negotiations, particularly in markets touching the United States and Canada where risk assessment plays a big role.
An official from F6, formerly known as FAACT and Group IB, noted that average selling prices for databases have remained fairly stable over the past several years, typically ranging from 100 to 1,000 USD. While some buyers pursue values around 5,000 to 10,000 USD or even higher, such figures are not common in practice and usually reflect special circumstances or targeted data sets that carry heightened strategic value.
Igor Bederov, director of the T. Hunter Investigation Department, points out that most advertised databases are not fresh, unique data sets but compilations drawn from previously gathered information. This pattern underscores the ongoing reuse of existing data in illicit markets and the challenges it poses for security teams seeking to validate the originality of compromised records.
Analysts from Positive Technologies also observe a trend toward larger volumes of what is sometimes described as mess data. In about 71 percent of cases, Russian databases containing information about users and companies exceed 100,000 records. Smaller databases with fewer than 10,000 records account for roughly 4 percent of listings. The overall picture suggests a market that favors sizable bundles, even as the quality and coherence of the included data may vary, which complicates verification and remediation efforts for defenders in North America.
Additionally, recent industry chatter indicates a shift in how traders conduct business. There has been a noticeable uptick in the use of messaging apps to coordinate deals and exchange data, a trend that influences how quickly these markets operate and how easily buyers can negotiate terms across borders. From a security perspective, this shift raises questions about how incident responders in Canada and the United States can detect and disrupt these communications pathways before breach indicators escalate into real-world incidents.