Ransomware shops don't sit passively by, waiting for someone to install a trojan. Some of them are actually outsourcing the actual penetration, according to Krebs:
the only reason that's unlikely is because the effort behind this level of conspiracy is just so unnecessary to having a viable business plan
its like yeaaah maaaybe there is one connected and high tech operation that all the world leaders heard about in their whatsapp groups, but my experience with "people with connections" are that they are so low tech and dumb that its almost impossible for them to get the correct clandestine hacker group in play
https://krebsonsecurity.com/2020/10/amid-an-embarrassment-of...
And once you're doing that, you're going to minimax for hi-value, low-risk targets.