By visiting our site, you agree to our privacy policy regarding cookies, tracking statistics, etc.

Pharos Report No. 2: The Ransomware Trust Paradox

Virtual Routes is pleased to release the second report in the Pharos Series, The Ransomware Trust Paradox by Max Smeets.

​​Ransomware groups operate in a paradox: despite being inherently deceptive actors, they rely on cultivating trust with their victims. This trust – vital to ensuring ransom payments – is premised on assurances that paying will lead to decryption and data confidentiality. Max Smeets terms this dynamic the Ransomware Trust Paradox and argues it is central to understanding the persistence and success of ransomware as a cyber threat.

This report examines how ransomware groups establish trust through branding, reputation, and communication strategies. Drawing on case studies including DarkSide, BlackCat, and Conti, it shows how these groups carefully manage their public image, issue statements to correct reporting, and operate structured ‘customer support’ to appear reliable. Brand diversification further allows them to evade sanctions and re-extort former victims under new names.

Despite this centrality of trust, current government responses largely overlook it. International initiatives like the Counter Ransomware Initiative and Ransomware Task Force have focused on technical disruption and resilience but fail to address the reputational underpinnings of ransomware groups.

Smeets calls for a new counter-ransomware strategy that includes undermining these groups’ credibility. This includes journalist training and the development of a code of ethics for ransomware reporting – drawing lessons from disinformation and counterterrorism fields – to reduce unintentional amplification of ransomware groups’ power and legitimacy.

The report concludes that undermining trust is a critical and underused lever in ransomware policy. A more deliberate approach to how ransomware is reported and understood can help weaken the foundations on which these criminal enterprises rely.

Read the report below.

This report is a part of the Pharos Series, a new series shedding light on cybersecurity and emerging technology challenges. The series aims to offer clear expert insights helping policymakers, researchers, and practitioners navigate evolving threats.

Author

Home

Similar posts

Research & Analysis

Pharos Report No. 4 | Assessing the Impact of Ransomware Interventions and Countermeasures: A Framework

The fourth report of the Pharos Series, a joint project of Virtual Routes and Royal United Services Institute (RUSI), is authored by Max Smeets, Jamie MacColl, Sophie Williams-Dunning and Bob Herczeg.
Read more
Research & Analysis

Three insights from the latest countermeasures tracker update

We have updated the Virtual Routes Ransomware Countermeasures Tracker with over 50 new cases from the period between May and November 2025.
Read more
Research & Analysis

Apolline Rolland presents REMIT research at the 2025 Conference on International Cyber Security

At the 2025 Conference on International Cyber Security, we joined a vibrant discussion on how states, technologies, and private actors are reshaping the boundaries of espionage and governance in the digital realm, representing EU-funded REMIT project.
Read more

Thank you for signing up to our newsletter!

Thank you! RSVP received for Pharos Report No. 2: The Ransomware Trust Paradox

Pharos Report No. 2: The Ransomware Trust Paradox

Loading...

Loading…