Ransomware operators often do their research on their victim to know what assets to go after. Here’s an example where threat actors did their research, but were perhaps too greedy in their demands. Gareth Corfield reports:
The criminals who took out Scotland’s Dundee and Angus College made a ransom demand that precisely added up to the contents of its bank account – and that was no accident, its principal has said……. “The cyber attackers had managed to get access to our bank account and knew how much money we had in it, which was the budget for the whole year. They demanded a ransom of exactly that amount, which we were never going to be able to pay,” Hewitt told Jisc.
Read more on The Register.