When people keep advising victims not to pay ransom because threat actors can't be trusted to really delete all the data, my inner researcher kicks in and wants to know how often that really happens.

So I started sending out inquiries.

Now you might think that those who publicly and repeatedly urge journalists to "spread the word" not to pay would respond and share some of their experiences with untrustworthy threat actors, but no... they didn't even respond.

Read about the replies I did get, because they really surprised me.

I have no doubt that some professionals will hate what I have reported, but then, perhaps they should have responded, too, if they think differently.

How often do threat actors default on promises to delete data?
https://databreaches.net/2026/04/05/how-often-do-threat-actors-default-on-promises-to-delete-data/

#databreach #incidentresponse #ransom

@zackwhittaker @campuscodi @euroinfosec @lawrenceabrams @jgreig @securityaffairs @Hackread @h4ckernews

@PogoWasRight If I was one of these "ransomware groups with an established brand on the Dark Web" (lol) I would never delete the data because building a "brand," as a criminal enterprise, is just a non-monetisable soft lever. it's not a real brand. there is no point reducing your criminal enterprise entirely to a front when your income model is extortion. you'd keep the data and on-sell it, regardless of extortion payment.

one of those "logic vs evidence" situations.

logic wins. never pay.

@PogoWasRight the evidence is fascinating, and well done.
it is unverifiable that "they delete the data" so I appreciate that you focus on observable behaviour instead. all of which is congruent with the reality that extortion is a profit-seeking activity, not a damage-infliction activity.

all that evidence is obviously historic. as the extortion "industry" evolves, the inefficiencies in their profit-making that you reported will reduce.

if it does, the conditional advice to pay will be mooted.