This article gives background on the supply chain that supports ransomware. That’s why there’s so much of it around…:
[…] McAfee describes both GrandCrab and Sodinokibi as Ransomware-as-a-Service (RaaS), where ransomware can be sold to other criminals to attack IT systems.
In the case of GrandCrab, at the top of the organisation are the developers, who create the malware. They then delegate the job of infecting systems to affiliates who are responsible for spreading the ransomware and generating infections.
Samani described the graphic below as “an organisational chart for bad guys”.
The ransom is paid back to the developers who take a percentage and pass the rest on to the affiliates — usually a 80/20 or 70/30 split in favour of the affiliate.
“This is no longer ‘send an email to a consumer and wait for $200 to $300’, this is very much an organisation-driven motivated attack,” Samani said.