Ransomware operators often buy access from cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains. At least 10 different threat actors play the role of “initial access facilitators” to supply affiliates and other cybercrime groups with an entry point to deploy data theft and encryption operations. Initial access brokers are known to infiltrate networks via first-stage malware payloads such as The Trick, Dridex, Qbot, IcedID, Baza loader, or Buer Loader.
Source: https://thehackernews.com/2021/06/ransomware-attackers-partnering-with.html