It's still impossible to prove the files were deleted even if they don't release after the initial payment. All it takes is a single individual in a group to make a backup or have a default policy of keeping a backup "just in case".

One should assume at this point that it's not a question of whether the files will be leaked but when.

China sure isn't going to advertise buying a copy.

also, governments like china, North Korea , Russia, Iran are basically silent endpoints for this stuff, so assuming it's valuable data, the ransom request should trigger whatever intelligence protocols you have.

The 'when' can be important too, because the sensitivity and value of data generally goes down over time.

> It's still impossible to prove the files were deleted even if they don't release after the initial payment

Often the data isn't exfiltrated at all, only encrypted in place, which should be relatively easy to prove.

Even in that case, do you think the ransom group’s security is better than their target?

Obviously. The surface for such an enterprise is tiny, while a worldwide multinational with hundred of thousands of employees and contractors can't afford that luxury.

They probably have a much smaller attack surface at least.

If they were the tiniest bit decent, they'd delete the files after the ransom was paid.

If they were the tiniest bit decent they wouldn't be working in ransom ware.

If they delete the files, it's not out of decency. It's out of a desire to build a reputation of post-ransom trustworthiness so others will pay in the future.

Yeah! If they were decent people, they'd be nonconsensually taking individuals' data and profiting off selling that, instead.

Believe it or not, it's possible not to scam people at all!

Boeing does this?

If they were the "tiniest bit decent" they wouldn't be ransoming exfiltrated data.

Yes, yes, that's why I said "tiniest".

The likelihood that one particular group will ransom more than a handful of times decreases exponentially as LEO becomes more interested.

What is LEO?

Low Earth Orbit. It has become sentient as more starlink satellites have gone into orbit. As starlink is used to transfer data LEO has become interested in the uses of the data transfer. Being of Lawful orientation LEO doesn't like ransomware, and may at some point use its computational and communication abilities to redirect any ballistic missiles or rockets which are fired into LEO at the points of origin of the ransomware demands.

j/k, of course.

Throw a few [redacted]’s in there and you’ve got yourself an SCP article.

Pity we can't use black bars here, this was such a perfect opportunity.

Or it could use the Low Orbit Ion Cannon.

Law Enforcement Officers. The O maybe wasn’t necessary here

If one group got it, there's no reason to assume another group didn't also get to it first and simply sat on the data. There's also no reason to assume the group holding your data ransom is acting as a single reasonable entity: it could be a group of people, each with a copy, who all have different opinions on what to do.

that may have been true 10 years ago but the vast number of criminals in the ransomware game renders having a good reputation meaningless.

doesnt most of them operate as franchaises these days?