by tracedddd 955 days ago
I know that’s what one would expect, but it’s not true. Many large ransomware distributors have a solid record of keeping their word and established relationships with the negotiation firms. Trustworthiness and honesty lead to more payouts and they have no interest in your data or doing you harm, just getting paid.
2 comments

When the time comes to retire, a criminal can sell the brand name they have built, sell the accumulated data they have backed up, or keep the backup as a bargaining chip. Of course, they might have already needed to leak all the data to the local authorities in exchange for protection. Or their employees might have made copies. Unlike kidnapping, data can be ransomed many times. You are paying just to delay the leak, hopefully until after you have retired and it is someone else's problem or people have stopped caring. And if you never publicly announced the leak, hopefully until after you are dead and nobody can sue you for securities fraud or similar.
That can replace PCI compliance then. Sounds like a better option.
Good point. I bet the ransomware guys don't care how often my laptop's password expires.