It’s bad business to not be honest and trustworthy. If a hacker group is known to always give back the data and not strike twice, they are obviously much more likely to get paid. No one’s paying someone known for ripping off. We see this in company ransomwware all the time. They are friendly, helpful in explaining the breech, and professional. If they were the opposite, they’d be broke.

Not ransomware but just ransom to data exfil by a vulnerable API. But paying is still a dumb idea.

I mean news like this is the best way to stop people paying, I hope every business that doesn’t pay sends the hackers this article and says this is why

I’m also curious. A quick search came up with these. Not sure which one is most reliable/updated

• https://www.comparitech.com/blog/information-security/global-ransomware-attacks/
• https://www.comparitech.com/ransomware-attack-map/
• https://cissm.liquifiedapps.com/
• https://cybermap.kaspersky.com/special/ransomware

Anecdotally, the Seattle Public Library is currently recovering from a ransomware attack and still has major systems offline. Of all targets, a public library is a pretty major low.

Closest I can think of would be haveibeenpwned.

It’s what they can do with all of it together. Particularly about calling you and pretending to be a real company, phishing you, because if they called your phone and confirmed your email, name, and home address and order details with you, then it’s likely many people would believe them.