How/why did you pick these 7?
Using your link: Ukraine, USA, UK, Brazil, & India all rank higher than Iran and Belarus. US & Ukraine rank higher than Nigeria and Romania.
We (a US org) block all countries listed on the OFAC list
https://ofac.treasury.gov/sanctions-programs-and-country-inf...
Those countries likely have a higher chance of real traffic as well. If I’m doing business in Nigeria then obviously I can’t block it even if it ranks high on the threat level.
Yes, obviously you don't block the countries you plan to do business with. I got that much.
It probably makes sense to leave the US out of the list, assuming the CableNinja is in North America.
The rest seems pretty arbitrarily chosen, though. JumpCrisscross gave no additional context to why they left out Ukraine, Brazil, India, UK, when picking countries from the list they linked. They have higher cybercrime index ranks.
Whether they have a higher chance of "real" traffic is highly dependent on the business in question.
I'm sure there is some amount of thought behind the choice, beyond just using the index, which is why I'm asking.
Let me throw out a guess: Ukraine is a wartime ally, Brazil is the seventh largest country in the world, India is the first, and the UK speaks English and has a lot of connections to USA.
They're each also popular IT outsourcing destinations who aren't sanctioned. You may not do business in Ukraine or Brazil, but chances are one of your customers or contractors do, and blocking those IPs isn't usually in the first or second swipe. (If you're blocking the UK and India, you're probably blocking all foreign IPs.)