alt Hacker News> I'm not sure that attacker reputation is particularly meaningful. The group can rebrand into a new identity at any time. They're anonymous cybercriminals after all and there are lots of reasons they might need to do that beyond reputation laundering.
It is very meaningful. You seem to equate that "new" = "trust by default", but a new group is distrusted by default. Let's say that for a new group which is unproven to hold up their end of the deal, only 5% of victims will pay the ransom. But if you've built up a reputation over 5 years of honoring your ransoms, then maybe 50% of your victims will pay the ransom. Reputation is literally everything here. I doubt Instructure would have paid such a high-profile ransom if they didn't have a strong reason to believe it would work.
Agreed.
This is the same problem that crypto addresses in an unregulated market - it provides attestation and continuity, but not much else.
New actors are untrusted. Trust must be built through small transactions until someone trusts you enough for larger transactions. Survive long enough without major reputational harm and you can even offer to act as an escrow service for parties with less trust.