This is always the game theory of ransoms, and it is a classic example of a collective action problem (and is a form of a prisoner's dilemma).

Each individual company is probably better off paying the ransom, but everyone would be better off if no one paid a ransom.

This is why the United States, for example, has an official no-ransom policy, and why other no-ransom policies exist. You have to have something forcing the individual victim to not pay, otherwise they will always be incentivized to pay and ransoms will continue to be profitable.

https://en.wikipedia.org/wiki/Collective_action_problem

https://en.wikipedia.org/wiki/Prisoner%27s_dilemma

I'm not sure that attacker reputation is particularly meaningful. The group can rebrand into a new identity at any time. They're anonymous cybercriminals after all and there are lots of reasons they might need to do that beyond reputation laundering.

The calculus for the victims doesn't seem to change much whether the same people are using a "new" name or an old one to hold their systems hostage.

If we assume a world where ransomware is continually existent and all your data is ransomed at anytime, we'd have a world designed to work around that.

We'd either end up with a Discworld "Ransomware Guild" that you pay "insurance" to and they murdicate anyone who dares do extracurricular data ransoming, or you'd have systems build on end-to-end encryption where the data is worthless.

An idea I idly thought about is that of a "Benevolent Terrorist"[0]: one who does great harm to some number of people so that they may make it to a better world. Not entirely original, I suppose, since the Kwisatz Haderach from Dune is the trope definer. But a fun thought I had was what if you ran a ransomware company that just didn't pay? You'd screw a lot of people over but eventually you'd make ransomware a non-business the better you impersonated them and failed to deliver after taking the ransom.

What could go wrong? ;)

0: https://wiki.roshangeorge.dev/w/Benevolent_Terrorist#Poisoni...

What stops a ransomware group copying all data and just selling it piecemeal on the darknet under posibly a different name?

Realistically, the only people that could check that it's true are buyers, and those benefit from keeping a low profile

That operates on the idea that hacker organizations use long term strategic thinking, something the US government and a good number of corporations don’t even practice. I wouldn’t put my money on that.

Another way to view this calculation: if you keep your infrastructure secure and up to date, you (very likely) don't have to pay any ransom in the first place.

> on the other hand, the ransomware groups that want to stay in business need to be honest

I was thinking about that the other day. Honestly I'm not sure it matters. I feel like if a company didn't pay the ransom that would possibly open them up to lawsuits or something because they "tried nothing". At least paying it makes it look like they did something and could be some sort of legal defense. But again I'm not a lawyer.

one issue is that modern ransomeware groups are also being hunted themselves - there are many ransomeware orgs that are themselves being ransomed so are not reliable.

even if you pay the ransom to the 1st group, the 2nd group will leak.

So, maybe we could consider a "White Hat" ransomware group that takes the money and also leaks the data, so that long term no one bothers to pay which ultimately disincentivizes ransomware attacks?