1.1 METHODOLOGY

This report is based on a comprehensive database that was collected from the websites of 21 ransomware groups. These groups were involved in exfiltrating data from a total of 1,112 companies, located in 63 countries. We focused on ransomware activity that occurred during 2020, when the ransomware groups started to publish stolen data on their dedicated platforms. As will be elaborated below, the collection of data, its analysis and its classification were done manually.

1.2 DATA COLLECTION

We selected the groups based on the frequency of cyber threat intelligence published on the Dark Web and included updated links to websites of current and new active groups. The manual collection of data stolen by the ransomware groups involved accessing all their websites, which are mostly located in the Darknet. A few of the websites were inaccessible or had been taken down, and we used different tools to successfully access their archived Darknet pages. This unique combination of manual and automated data gathering provided a comprehensive picture of all relevant groups, including ones that stopped their activity during 2020, for example, “Maze”.

1.3 ANALYSIS AND CLASSIFICATION

Following the collection of all the victims’ details from the ransomware groups’ websites, we analyzed the data by checking each victim and verifying the accuracy of the information published by the cybercriminals. This process was necessary, as some groups published inaccurate names and some only published the URL of the victim’s website. We took the analysis a step further by classifying each victim by country and industry. While some groups published the location of their victims, not all of them did. This required manually finding out and verifying the headquarters or head offices of the victims. With regard to industry classification, we used 18 key industries (see appendix A). In addition, as some groups published their activity online, we were able to build a timeline of publication dates that helped us to shed some more light on the timing of the attacks.

5 | The Ransomware Landscape