> There is nothing to guarantee that attackers will destroy the data and not further exploit it even if you pay them
Their business model relies on them being honest. If they don't follow through on their promise of destroying the data they'll kill the ransomware market entirely. So far, I haven't heard of major instances where ransomware gangs didn't fulfil their part of the bargain.
> Their business model relies on them being honest.
Truthful at least, "honest" isn't a word I'd use for these types.
> So far, I haven't heard of major instances where ransomware gangs didn't fulfil their part of the bargain.
The point is that you wouldn't. They can't publish the data or publicize its sale, but (if they were willing to invest the time) they could still sell it privately, or use it themselves to further attack/exploit you without you ever being able to trace anything back to them directly. They could wait months or years if they wanted and still find value in it (bait for use in spear-phishing for example).
Their business model relies on them being honest. If they don't follow through on their promise of destroying the data they'll kill the ransomware market entirely. So far, I haven't heard of major instances where ransomware gangs didn't fulfil their part of the bargain.