We know where the ransom software comes from. Every last one of them. We just have too many politicians in DC who take illegal bribe money to not take any action. Every polidiot in DC has their hand in foreign cookie jars, bar none.
Almost invariably the source is a foreign country, and the perpetrators are either bribing local officials with a cut of the proceeds for "protection" or they are activity sponsored by the foreign government.
Some principal sources are Nigeria, Somalia (!!), India, Belarus, and China.
Short-lived gangs have shown up in the US, Great Britain, Germany, and Israel. They get shut down pretty fast.
Ransomware operations take a lot of time, and the payoff per-hour is relatively low. So is the risk. The big money is in selling ransomware tools to the would-be pirates. The Russians used to do quite a bit of that. Don't know if they still do.
Bitcoins are traceable to all users, back to inception. It is expensive and time-consuming, but possible. You can't do it, but national governments can. When the hits are big enough, they do.