When people keep advising victims not to pay ransom because threat actors can't be trusted to really delete all the data, my inner researcher kicks in and wants to know how often that really happens.

So I started sending out inquiries.

Now you might think that those who publicly and repeatedly urge journalists to "spread the word" not to pay would respond and share some of their experiences with untrustworthy threat actors, but no..... they didn't even respond.

Read about the replies I did get, because they really surprised me.

I have no doubt that some professionals will hate what I have reported, but then, perhaps they should have responded, too, if they think differently.

How often do threat actors default on promises to delete data?
https://databreaches.net/2026/04/05/how-often-do-threat-actors-default-on-promises-to-delete-data/

#databreach #incidentresponse #ransom

@zackwhittaker @campuscodi @euroinfosec @lawrenceabrams @jgreig @securityaffairs @Hackread @h4ckernews

@PogoWasRight
So I downloaded your article. Then I deleted it. Pinkyswear!

If someone came and asked you: "Did Daniel really delete the copy of your article?"

How could you possibly answer that question? You don't know if I still have a copy or if I'm telling the truth.

@newstik Agreed completely. But should someone be able to assert -- without proof -- that you haven't deleted it, and therefore no one else should pay you?

We need to be honest with victims about the risks -- and that includes sometimes saying, "We don't know and it's a bit of a gamble if you want to take it, but we don't really have any evidence that this group has knowingly lied about deleting data."

@PogoWasRight @newstik
I thought companies paid so the data doesn't get leaked in an easy to find and publicized place.