Eeny, meeny, miny, moe? How ransomware operators choose victims

This CTU report surveys the ransomware threat landscape, arguing most ransomware is opportunistic and financially motivated while distinguishing state-aligned actors that may use ransomware for revenue, disruption, or to mask espionage; it reviews attacker motivations, victim triage, supply-chain compromise examples (e.g., exploitation of MFT services), notable groups and incidents, and reiterates defensive recommendations (patching, phishing-resistant MFA, EDR, immutable backups).