by Ancapistani 37 days ago
The obverse is true - because a ransom organization is dependent upon their reputation, a company claiming to have paid and received confirmation from the group could prevent them from releasing it as well.

The general public (including the next victims) don't have a way to confirm if payment was made. ShinyHunters would have to choose between arguing publicly that they were not paid or not releasing the data to protect their own reputation...

1 comments

Good/funny observation. Game theory and economics are fun. :D

I do think that the partial information problem relating to new entrants into this market is interesting though.

The number of potential threat actors with partial/no information but that might speculate based on grandiose visions of ransom or outdated history is high.

We see dumb attempts at real-world ransoms/extortion which don't get paid at a pretty high clip based on this kind of partial knowledge.

It's an interesting idea, although I think in the heat of the moment, the last thing your org should be thinking of will be playing games with one of the most prolific hacker groups on the planet.

You'll probably get your data leaked anyways, potentially get compromised again (see Instructure situation) and end up in a way worse place if you just shut up and paid it, or let it leak normally.