The assailants carrying out ransomware attacks have proved hard to identify because the technology they use, like Bitcoin and anonymous messaging platforms, allows them to communicate and transact with victims without being easily tracked.

Many of the criminals operate from countries outside the reach of American law. The Justice Department has indicted hackers in Iran, North Korea and Russia, but none appear to face any threat of extradition.

American authorities have suggested that several of these attackers have operated with the protection of their governments, and have helped their governments by passing along hacked files.

Security experts said ransomware has evolved into an industry, with hundreds of gangs vying for the most lucrative victims. Some hackers have specialized in “ransomware as a service,” writing the victim-facing software and selling it to others through the so-called dark web. They have even built out customer-service centers to deal with victims and their payments.

In recent attacks, the hackers often spent months quietly scouting out the innards of the computer networks of potential victims to ensure they have every important file tied up.

They are often eager to prove to victims that they will return the files when they are paid, to ensure a prompt transaction. When victims don’t pay, some gangs have begun publicly releasing private files to ratchet up the pressure — as was the case with Southwire, one of the world’s largest electrical wire and cable manufacturers that operates out of Georgia.

Southwire filed a lawsuit against its attackers, unknown hackers, asking for the site where the company’s files had been published be taken down. But the hackers soon moved their operations to a new site and released even more files.