> Their business model relies on them being honest.
Truthful at least, "honest" isn't a word I'd use for these types.
> So far, I haven't heard of major instances where ransomware gangs didn't fulfil their part of the bargain.
The point is that you wouldn't. They can't publish the data or publicize its sale, but (if they were willing to invest the time) they could still sell it privately, or use it themselves to further attack/exploit you without you ever being able to trace anything back to them directly. They could wait months or years if they wanted and still find value in it (bait for use in spear-phishing for example).