21 ransomware groups were prominent in data e åfltration attacks during 2020. The top si groups - Ma e, Conti, Egregor, DoppelPaymer, NetWalker and REvil - are responsible for attacks on 80% of the total ictims. Top ten targeted countries constitute 87% of the total victims. The USA as the most targeted countr , ith 56% of the victims. More than half of the victims were American. The second most targeted country was Canada, ith 8% of the ictims. This huge gap emphasi es e en further the focus on the USA. Almost all the top ten targeted countries are Western countries, while there are no former Soviet Union republics (FSU), including Russia, in the list of targeted countries. The focus on Western countries suggests a more targeted nature of the ransomware attacks, in sharp contrast to the classic ransomware attacks, which were more indiscriminate and random in nature. The absence of FSU countries from the victims list may potentially suggest the operators of the ransomware gangs are from these countries. HERE ARE THE KEY FINDINGS DRAWN FROM OUR RESEARCH: Alongside the “double extortion” tactic, another trend that has emerged in recent years, is that ransomware attacks are becoming less indiscriminate and more focused and targeted on high-value and high-proåfle enterprises and entities. This also reminded us of nation-state actors, whose attacks are very focused and targeted in nature. Thus, besides conducting a statistical analysis of the ransomware attacks that involved data e åfltration/leakage to dra conclusions on the “double extortion” trend, we also used this analysis to check if ransomware gangs are becoming more similar to state-sponsored actors in other aspects. Manufacturing is the leading industry with over 30% of the total targeted industries. The top si industries, manufacturing, åfnancial services, transportation, technology, retail and go ernment & defense constitute 70% of the total targeted industries. The targeting of Industrial Control Systems (ICS) by ransomware gangs bears similarities to nation-state actors, since these attacks are known to require advanced skills and knowledge, usually associated with nation-state actors. While ransomware gangs are becoming more sophisticated, it is important to note that nation- sponsored actors have also been observed to increasingly use ransomware in their attacks. The operators behind prominent ransomware attacks in 2020 commonl abused t o notable ulnerabilities: CVE-2019-19781 and CVE-2019-11510, both were also popular among state-sponsored groups. 4 | The Ransomware Landscape