Furthermore, researchers speciali ing in Industrial Control S stems (ICS) and Operational Technology (OT) security noted that ransomware has become a major threat to the manufacturing sector, which may be more sensitive to downtime compared to other sectors 23 . Another åfnding that corroborates the fact that ransom are has become a major concern for manufacturing organi ations is the recent disco er that se en prominent ransom are strains – EKANS (or Snake), DoppelPa mer, LockerGoga, Ma e, MegaCorte , Neåflim and Clop - ha e incorporated into their mal are “kill lists” that ha e the abilit to shut down ICS and industrial software-related processes (among others). This could potentially disrupt the operations of targeted victims. The number of ICS-related processes incorporated into these ransom are strains’ “kill lists” ranges from merel a couple of do ens to up to 150 ICS processes (in the case of Clop Ransom are) 24 . The targeting of ICS net orks is more commonl associated ith more ad anced, nation-state actors, since they are known to be the type of threat actors with the required skills and knowledge to perform disruptive attacks. Some of the most notorious attacks against ICS networks, such as Stuxnet, Triton/TRISIS, and Industroyer, were attributed to state-sponsored actors 25 . In addition, ICS security researchers track åf e prominent ICS-focused groups targeting the manufacturing sector, and most of them are believed to be states-sponsored 26 . According to a sample of the activities of nation-state actors detected in the course of 2020 b Microsoft, it appears the go ernment and defense sector as the industr in which nation-state APT groups (originating from Iran, North Korea, South Korea and China) showed the most interest. This sector is also one of the top six targeted industries by ransomware gangs according to our analysis 27 . It is noteworthy that various researchers in the cyber security community have highlighted the transition ransomware strains and the gangs operating them have recently made, to become more technically advanced and sophisticated, predicting the ould continue to adopt “APT techniques” 28 . Others also noted that ransomware attacks have recently displayed the “hallmarks of state-sponsored acti it ”, and predicted that state-sponsored threat actors may use ransomware as a cover to masquerade their end game (whether it be espionage, physical disruption or even destruction) 29 . https://blogs.microsoft.com/on-the-issues/2020/09/29/microsoft-digital-defense-report-c ber-threats/ https:// .dragos.com/blog/industr -ne s/ekans-ransom are-and-ics-operations/; https:// .åfree e.com/blog/threat-research/2020/07/åfnanciall -moti ated-actors-are-e panding-access-into-ot.html https:// . dnet.com/article/manufacturing-is-becoming-a-major-target-for-ransom are-attacks/ https://securelist.com/ics-threat-predictions-for-2021/99613/ https://blog.scadafence.com/snake-/-ekans-ransomware-nation-state-attackers-deploy-ot-oriented-malware https://f.hubspotusercontent10.net/hubfs/5943619/Whitepaper-Do nloads/Ransom are_in_ICS_En ironments_ Whitepaper_10_12_20.pdf https://www.dragos.com/blog/industry-news/manufacturing-sector-cyber-threats/ 29. 26. 27. 24. 23. 28. 25. 23 | The Ransomware Landscape