According to a study by the Venafi information security company, victims of extortionate software have no confidence in extortionists, since in most cases extortion continues after payment of the ransom. Thus, 83% of the attacked organizations that paid the required amount were faced with the fact that money was demanded from them again, or even more than once.
The researchers also found that:
The data of 18% of the organizations that paid the ransom are still available on the darknet;
8% of organizations that refused to pay faced the fact that extortionists began to demand money from their customers;
35% of those who paid the ransom never recovered their data.
As for the tactics of ransomware, the researchers found the following:
38% of extortionists blackmail victims by publishing stolen data;
35% of extortionists threaten to publish stolen data on the darknet;
32% of extortionists threaten to inform their clients about the leak if the victim does not pay the ransom.
Victims have several reasons not to trust extortionists. Firstly, most RaaS operations (RAAS extortion as a service) do not last long. Extortionists want to get as much money as possible in as little time as possible, so they don’t worry about their reputation.
Secondly, many partners of RaaS services do not follow the rules established by their managers, and the managers themselves do not follow the implementation of these rules.
Thirdly, even if data leaks did not occur immediately, the remnants of data leaks can persist for a long time in systems with multiple threat actors and almost always sooner or later end up in a wider community of cybercriminals.