[lkowalcz]

The hacker actually has incentive to fulfill their end of the bargain. If they didn't, the victim might go public with this, and then no one would ever pay the ransom.

The hacker wants to be trustworthy here so that new victims will be more likely to pay the ransom because they believe they will actually get their data back.

[Evolved]

What's stopping a victim from paying the ransom and still going public and asserting that the ransomer didn't decrypt the hard drive which hurts the reputation (ha!) of the ransomer and causes other people not to pay?

This might be one of the smarter moves to make so long as you kept your identity as a victim anonymous so you don't get retargeted by the ransomer.