Obviously. The surface for such an enterprise is tiny, while a worldwide multinational with hundred of thousands of employees and contractors can't afford that luxury.

They probably have a much smaller attack surface at least.

If they were the tiniest bit decent, they'd delete the files after the ransom was paid.

If they were the tiniest bit decent they wouldn't be working in ransom ware.

If they delete the files, it's not out of decency. It's out of a desire to build a reputation of post-ransom trustworthiness so others will pay in the future.

Yeah! If they were decent people, they'd be nonconsensually taking individuals' data and profiting off selling that, instead.

Believe it or not, it's possible not to scam people at all!

Boeing does this?

If they were the "tiniest bit decent" they wouldn't be ransoming exfiltrated data.

Yes, yes, that's why I said "tiniest".