Yes, ransomware is still a thing.

No, not all ransomware attacks unfold in the way you might expect.

Most contemporary ransomware attacks involve two groups of criminals: a core gang who create the malware and handle the extortion payments, and “members” of a loose-knit clan of “affiliates” who actively break into networks to carry out the attacks.

Once they’re in, the affiliates then wander around the victim’s network, getting the lie of the land for a while, before abruptly and often devastatingly scrambling as many computers as they can, as quickly as they can, typically at the worst possible time of day.

The affiliates typically pocket 70% of the blackmail money for any attacks they conduct, while the core criminals take an iTunes-ike 30% of every attack done by every affiliate, without ever needing to break into anyone’s computers themselves.

That’s how most malware attacks happen, anyway.

But regular readers of Naked Security will know that some victims, notably home users and small business, end up getting blackmailed via their NAS, or networked attached storage devices.