[Crosseye_Jack]

You are completely right, they are criminals there is nothing stopping them from just dumping the data anyway (or launching another attack later down the road).

However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

But there is another "maybe" to consider (OP did ask for a brief explanation so I didn't go into all possibilities), did they encrypt the data? If they did and entity no longer has access to it they then have two options 1) restore the data from backup (if they had them and can restore service in a reasonable amount of time) / write off any data loss 2) pay up for the keys.

[google234123]

Or… they do the extortion thing and then change the name of their group and go again without the untrustworthy baggage

[setr]

With no reputation, you’re presumably less likely to have victims pay up. You want to build reputation so you can get consistent profit from these extortions.

[dest]

Interesting game theory scenario

[setr]

I don’t know if it’s really that interesting; reputation is just a fundamental currency required to facilitate trade when it can’t be guaranteed otherwise — there is in fact an honor amongst thieves.

These arm-chair game theory arguments tend to fall apart instantly as soon as you assume multiple rounds are played.

[neffo]

> However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

The hackers are the real victims here