The time was that a cybercriminal gang would do all the heavy lifting themselves: reconnaissance of targets, compromising systems, deploying their malware, and monetising the attack. Now these groups have realised they can work more efficiently if they specialise in one or two parts of this process. From this we have seen the development of Cybercrime-as-a-Service, or a collection of services.
One of these is Ransomware-as-a-Service, which means a group of cybercriminals who will develop the ransomware. They usually also provide additional services to that, such as negotiations, having the website where the victim can connect to, and they will provide also the personnel who would negotiate the ransomware payment. But these are not going to be the same people who infiltrated the company and deployed ransomware. That is outsourced to another group, who carry out the attack and then hand it back to the commissioning group – in exchange for a fee or split of the profits.
