Anyone who understands business knows that success requires two key things: a plan that’s well thought through, and a careful eye on money spent in relation to expected return on investment (ROI). As it turns out, that’s no different for cybercriminals. A new report by Recorded Future breaks down the economics of doing business in the world of cybercrime.

From malicious tools, to licenses, to cybercriminal-friendly services and intermediary commissions, the outlay of cash is not chump change. Quoting Recorded Future, Bradley Barth reports in SC Media, “An initial… cost of $20,000 is needed to launch a small botnet of 10,000-20,000 zombie computers. [And] monthly maintenance will cost an additional $5,000.” While that might sound like a significant pile of cash, the ROI can range from 400 to 600 percent.

Also, as Jai Vijayan points out in Dark Reading, based on Recorded Future’s findings, entrepreneurial-minded hackers can reap both direct and indirect returns. “The main income comes from the money you steal from individual bank accounts. Then there’s also the opportunity for residual income from actions like selling the login credentials at $100 to $200 a pop, or doing per-demand malware installation on the devices you have infected.”

The business model for a lucrative hacking business is typically not a self-reliant sole proprietorship. Rather, to succeed, hackers need to rely on an ecosystem of partners that provide tools, expertise, and services. “Contrary to what one might expect, you don’t need to be a jack-of-all-trades to succeed in cybercrime. The underground market is capable of supporting newbies and script kiddies just as efficiently as it can support the needs of the most sophisticated criminal groups and nation state actors,” reports Vijayan.

Read more about the business of cybercrime in Dark Reading.