Also known in some circles as FIN7 or Carbon Spider, Coreid is a ransomware-as-a-service (RaaS) operation that develops ransomware tools and services and then collects money from affiliates who use these tools to carry out the actual attacks.