strains would attempt to target ICS, since the type of organizations that use these systems are usually sensitive to downtime and might be more willing to pay the ransom to restore their operations as quickly as possible. Most notably, however, is the use of the Data Exfiltration tactic that was previously more associated with banking Trojans and nation-state actors. Another possible scenario we see happening, is that state-sponsored threat actors will continue to increasingly adopt the use of ransomware. The ransomware and data exfiltration-leak combination can be especially attractive to state-sponsored actors, who are known to use “false flags” in an attempt to cover their tracks, thwart off security researchers and make attribution, which is often complicated enough, an even harder task. Thus, impersonating financially motivated cybercriminals that are also engaged in data exfiltration, like ransomware gangs, may prove to be a good cover to disguise their true, final goal. It may also be used to target government entities of rival countries and publish their sensitive data to harm their reputation and cause embarrassment. 33 | The Ransomware Landscape