Date: 2021-06-02

The business is now highly specialized. An affiliate will identify, map out and infect targets using ransomware that is typically “rented” from a ransomware-as-a-service provider. The provider gets a cut of the payout; the affiliate normally takes more than three-quarters.

Other subcontractors may also get a slice. Those can include the authors of the malware used to break into victim networks and the people running so-called “bulletproof domains” behind which the ransomware gangs hide their “command-and-control” servers. Those servers manage the remote sowing of malware and data extraction ahead of activation, a stealthy process that can take weeks.

WHY DO RANSOMS KEEP CLIMBING? HOW CAN THEY BE STOPPED?

Colonial Pipeline confirmed that it paid $4.4 million to the gang of hackers who broke into its computer systems last month.

The FBI discourages paying ransoms, but a public-private task force including tech companies and U.S., British and Canadian crime agencies says it would be wrong to try to ban ransom payments altogether. That's largely because “ransomware attackers continue to find sectors and elements of society that are woefully underprepared for this style of attack.”