[stavros]

If the bad guys get paid and release the info anyway, they not only make it less likely they'll get paid in the future, they make it less likely anyone will get paid in the future.

Even other bad guys have an incentive to stop these bad guys from leaking the info after getting paid.

[kjkjadksj]

Why not wait a week and take the site down and ransom them again?

[stavros]

Because why would anyone pay anyone if they were going to do what they threatened you with anyway?

[kjkjadksj]

The deal becomes a subscription not indifferent from any other cost of doing business. Great for the hacker. Bad for the IT team incapable of anticipating these attack vectors.

[shlant]

for the same reasons?