strains ould attempt to target ICS, since the t pe of organi ations that use these systems are usually sensitive to downtime and might be more willing to pay the ransom to restore their operations as quickly as possible. Most notably, however, is the use of the Data E åfltration tactic that as pre iousl more associated ith banking Trojans and nation-state actors. Another possible scenario we see happening, is that state-sponsored threat actors will continue to increasingly adopt the use of ransomware. The ransomware and data e åfltration-leak combination can be especiall attracti e to state-sponsored actors, ho are kno n to use “false æfags” in an attempt to co er their tracks, th art oâf security researchers and make attribution, which is often complicated enough, an e en harder task. Thus, impersonating åfnanciall moti ated c bercriminals that are also engaged in data e åfltration, like ransom are gangs, ma pro e to be a good co er to disguise their true, åfnal goal. It ma also be used to target go ernment entities of rival countries and publish their sensitive data to harm their reputation and cause embarrassment. 33 | The Ransomware Landscape