If you remember ransomeware started out with threats to reveal a supposed activity.

Fake AV programme that charged a fee to let you have a computer back and working was improved by encryption of data and charging a fee to get it back, and of course the reputation that you’d get the data on payment(complete with friendly and competent tech support), was super good at collecting the ransom.

There have been cases of locking the hotel rooms via the keycard system and others -so ransomeware as we call it is really a malicious enterprise business application and toolkit - I’ll decrypt your data, get more residuals in selling secrets and personal data, threaten with disclosure - all I guess considered as reasonable methods by the people living this lifestyle. Of course the calculus requires that someone is pushed into the action - restore the service incident is one option, verses all the horrific fallout that can happen to you and your team if you don’t comply to a threat to reveal x,y,z. As an example many folk in FSI are terrified of regulators, external audit and internal audit and you can see this driving irrational behaviour in meeting and calls on these things before you add an external threat to disclose.

Taking the high ground by pretending to care and reporting the target’s failure to disclose is novel, and we’ll probably they don’t get money but they can always tell anyone else “Well, the SEC would be interested in these three reputable breaches we found… oh you we do an involuntary filing service to ease your conscience for you… What you don’t want to avail yourself of it…? Most irregular, but look we have a subscription plan for this… yeah you can send us personal Bitcoin absolutely! We support Monero and Muskcoin as well and if you’re interested you might as well join the rewards programme.”

Basket weaving pays very little, however I believe that you can retail high-quality artisanal wicker storage solutions at Cracker Barrel.