I don't think this one was North Korea. And yes, most aren't.
North Korean cryptocurrency hacks are a bit distinctive. Rather than finding logical bugs in contracts, they tend to use traditional spearphishing / social eng to get targeted people to run malware which they try to pivot to stealing keys / access credentials. Then after a hack, most crypto hackers try to obfuscate and store their stole coins on chain somewhere. North Korea already has a large and practiced money laundering network, so after a hack the money immediately starts going to hundreds of different places in the real world, perhaps to mules or to faked accounts in Southeast Asia.
Where's the connection? Ransomware is the other side of the equation: using things like bitcoin to launder money. That's substantially different from exploiting cryptocurrencies.
From my vantage point, it seems to be mostly bored twentysomethings.