Why would they pay? It's a 10-year-old game that's the second best selling game of all time. Rockstar made their money, and there isn't anything a competitor could use to gain an advantage. It's almost good because it's free press for GTA VI.
The vast majority of those sales are for GTA online, which this leak doesn't inherently give you access to. I don't see this leak financially harming Rockstar more than the cost of the presumed ransom, people still have to pay to play GTA online.
If they cared about their customers they would pay to stop them (us) getting pwned with numerous 0-day vulnerabilities that no doubt exist in a 15 year old code base that had never seen the light of day.
source leaks damage things aside from profitability.
this will just serve as yet another feather in the cap for the exploit/hacking/modding community; and a lot of THOSE people make cash by selling exploits.
If rockstar cared about cheating ( they don't ) this would throw a big monkey wrench into that effort, obfuscation is half the battle in a game where book-keeping like an MMO would be performance prohibitive.
2) Hackers exfiltrate data from the target (this could be source code, database dumps, employee records, emails, or any combination of the above - basically anything that could be seen that has value to the company staying private.
3) Depending on the model used, the hackers either privately or publicly informs entity they have their data and unless a payment of X if made the data will get leaked or sold to the highest bidder.
I don't understand how anyone would ever pay. There is nothing guaranteeing you the hackers actually destroy their copy of the data on payment, so they could just come back and ask you for another payment every few months.
Or are we really supposed to believe these criminals would follow some sort of made up honor code?
You are completely right, they are criminals there is nothing stopping them from just dumping the data anyway (or launching another attack later down the road).
However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.
But there is another "maybe" to consider (OP did ask for a brief explanation so I didn't go into all possibilities), did they encrypt the data? If they did and entity no longer has access to it they then have two options 1) restore the data from backup (if they had them and can restore service in a reasonable amount of time) / write off any data loss 2) pay up for the keys.
With no reputation, you’re presumably less likely to have victims pay up. You want to build reputation so you can get consistent profit from these extortions.
Aren't they all anonymous, though? So they could just change their name for the next operation. Maybe all these groups are already the same people behind the scenes.
You're missing the incentives. They /could/ change their name each operation, but then, as you note, the target would have reduced motivation to actually pay. By keeping their name, and keeping their word, customers are more likely to pay in the future, because there's a history of good faith transactions. And, of course, a group that is relying on their reputation like this must police their trademark and prevent other groups from abusing it.