Top 5 targeted geographic regions (July 2019-June 2020) It is possible that the focus and heavy targeting of Western countries, particularly the US, stems from these countries being perceived as wealthier, with more funds to pay the ransom compared to other, non-Western countries, and thus ransomware gangs believe they are more likely to generate a profit out of them. However, coupled with the apparent Russian origin (of at least some) of the attackers, other possible motives to focusing on Western countries may come to mind. As already stated, ransomware attacks have increasingly become more targeted, similarly to the way state-sponsored attacks are typically targeted, as they are intended to serve their government’s national interests. In addition, state-sponsored attacks often involve exfiltrating and stealing victims’ data, which as we mentioned earlier, is a trend recently adopted by ransomware threat actors, who are usually considered to be financially motivated. According to data gathered by Microsoft between July 2019 and June 2020, Russian state-sponsored threat actors were responsible for 52% of the APT-related activities detected by the company over this period 18 . In addition, they found that the US was the top targeted geographic region by state-sponsored actors over the same time period: 69% of state-sponsored attacks targeted the US, followed by the UK (19%), Canada (5%), South Korea (4%) and Saudi Arabia (3%). 18. Screenshot of an advertisements of the DarkSide ransomware gang on Russian Dark Web forum 3.3 MOTIVES OF RANSOMWARE GROUPS 69% | United States 19% | United Kingdom 5% | Canada 4% | South Korea 3% | Saudi Arabia https://blogs.microsoft.com/on-the-issues/2020/09/29/microsoft-digital-defense-report-cyber-threats/ 15 | The Ransomware Landscape