Over 35 ransomware families and 250 nation-state, ransomware, and cybercrime groups have been reported by Microsoft to be part of the ransomware-as-a-service landscape, according to ZDNet. "In the same way our traditional economy has shifted toward gig workers for efficiency, criminals are learning that there's less work and less risk involved by renting or selling their tools for a portion of the profits than performing the attacks themselves. This industrialization of the cybercrime economy has made it easier for attackers to use ready-made penetration testing and other tools to perform their attacks," said Microsoft Security in a blog post. Microsoft noted that threat actors have been delegating tasks in attacks, with one group responsible for double extortion and another tasked with ransomware payload development. Moreover, affiliates could be tapped to deploy certain ransomware payloads. "Payload-based attribution meant that much of the activity that led to Conti ransomware deployment was attributed to the "Conti Group", even though many affiliates had wildly different tradecraft, skills, and reporting structures," Microsoft added.