Ransomware groups’ promises of deleting stolen data and providing decryption tools in exchange for payment are often hollow, leaving victims with little recourse. Despite threats of data leaks and reputational damage, victims who pay ransoms may find themselves in a precarious situation, as the actual outcomes rarely match the criminals’ assurances.

Double Extortion Tactics
Ransomware groups employ double extortion tactics, threatening to publish stolen internal data unless a ransom is paid promptly. However, investigations have revealed inconsistencies in these threats, with some groups failing to follow through on their promises to leak data, even after listing victims on dark web leak sites.
Akira Ransomware Group: Empty Threats
One such example is the Akira ransomware group, which emerged in March 2023. Despite its threats, no evidence suggests that the group has ever sold stolen data. Moreover, some victims listed by Akira never had their data leaked, suggesting that the group may not have obtained the promised data in the first place.
Broken Promises and Inflated Claims
Even for victims who pay ransoms, the outcomes are often disappointing. The provision of decryptors, supposedly proof of data removal, and security reports frequently fall short of expectations. Some victims experience delays in receiving decryptors, while others find that the provided decryptors do not work as promised.
Negotiation and Payment Dynamics
Victims are often coerced into negotiating with ransomware groups, with demands typically ranging from 0.1% to 12% of annual revenue. However, victims have some room for negotiation, with reported discounts averaging around 40%. Despite attempts to negotiate lower payments, victims are often left dissatisfied with the results.
Alternative Strategies and Recommendations
Security experts and law enforcement agencies consistently advise against paying ransoms. Instead, organizations should invest in proactive measures such as backup and recovery practices, robust defenses, and incident response planning. While some lucky victims may find temporary relief through decryption workarounds, the long-term solution lies in preparedness and resilience against ransomware attacks.
Leave a Reply