If this is the case, then paying the ransom will turn out to be a stupid idea.
If the threat was to release sensitive information, surely the firm would be asking the attackers for details of the sensitive information they claim to have.
If the attackers come back with nothing then it was just a bluff.
However if the attackers come back with real information
then paying the ransom is just stupid, as the attacker still have the sensitive information and can repeat the payment demands ad infinitum.
If the threat was to release sensitive information, surely the firm would be asking the attackers for details of the sensitive information they claim to have.
If the attackers come back with nothing then it was just a bluff.
However if the attackers come back with real information then paying the ransom is just stupid, as the attacker still have the sensitive information and can repeat the payment demands ad infinitum.