As others have pointed out, you can never know who's next. Unless there are some obvious holes in security, determining the next victim is close to impossible. That's why implementing measures preventing attack is one side of the coin, other being nullifying the occurring damage and mitigating any potential risk, patch some holes, etc.
EXMO handled situation pretty well, as far as I can see. Cloudfare is a standard protection measure in cases like these.
I think that global companies can become a victim of such attacks more often than small and unknown platforms. The bigger company is the higher the size of the ransom you can demand. But on the other hand, popular platforms most likely have a proper protection system so it's going to be difficult and exhausting to implement DDoS of such a company.
I'm familiar with CloudFlare protection system a bit so I'm glad to see that EXMO chose this type of protection system to prevent DDos in the future. A lot of companies use this protection nowadays and I've never faced any difficulties using this system.