A newly identified ransomware strain, dubbed JanaWare, has been targeting Turkish citizens as part of a targeted campaign that has been active since 2020. This malware is designed to enforce execution constraints based on system locale and external IP geolocation, allowing it to selectively target specific regions. The emergence of JanaWare is indicative of a fragmenting cybercriminal ecosystem, where attackers are developing more specialized tools to evade detection and maximize profits. The JanaWare ransomware operation is notable for its use of geolocation-based constraints, which enable it to avoid infecting systems outside of its intended target area1. The deployment of such targeted malware highlights the growing sophistication of ransomware campaigns, which now often involve careful planning and reconnaissance to identify vulnerable targets. This development matters to cybersecurity practitioners, as it underscores the need for organizations to implement robust geo-based security controls to protect against such targeted attacks.