JSWorm is a financially motivated ransomware group that first emerged in January 2019. Initially operating as a public Ransomware-as-a-Service (RaaS) platform, the group evolved its operational model by early 2020 to focus on more targeted "big-game hunting" attacks, shifting from mass-scale infections to private cooperation with affiliates. The group's primary motivation is financial gain through ransom payments. JSWorm is notably distinguished by its continuous evolution and frequent rebranding, having operated under various names including Nemty, Nefilim, Offwhite, Fusion, Milihpen, Gangbang, and Karma, often retaining underlying code similarities that allow researchers to track its lineage. The individual or entity behind JSWorm is a Russian-speaking threat actor known by the username "jsworm" (among other aliases like farnetwork and jingo), who was instrumental in developing the ransomware and managing its affiliate programs.