Pharos Report No. 2: The Ransomware Trust Paradox

Virtual Routes is pleased to release the second report in the Pharos Series, The Ransomware Trust Paradox by Max Smeets.

Ransomware groups operate in a paradox: despite being inherently deceptive actors, they rely on cultivating trust with their victims. This trust – vital to ensuring ransom payments – is premised on assurances that paying will lead to decryption and data confidentiality. Max Smeets terms this dynamic the Ransomware Trust Paradox and argues it is central to understanding the persistence and success of ransomware as a cyber threat.

This report examines how ransomware groups establish trust through branding, reputation, and communication strategies. Drawing on case studies including DarkSide, BlackCat, and Conti, it shows how these groups carefully manage their public image, issue statements to correct reporting, and operate structured ‘customer support’ to appear reliable. Brand diversification further allows them to evade sanctions and re-extort former victims under new names.

Despite this centrality of trust, current government responses largely overlook it. International initiatives like the Counter Ransomware Initiative and Ransomware Task Force have focused on technical disruption and resilience but fail to address the reputational underpinnings of ransomware groups.

Smeets calls for a new counter-ransomware strategy that includes undermining these groups’ credibility. This includes journalist training and the development of a code of ethics for ransomware reporting – drawing lessons from disinformation and counterterrorism fields – to reduce unintentional amplification of ransomware groups’ power and legitimacy.

The report concludes that undermining trust is a critical and underused lever in ransomware policy. A more deliberate approach to how ransomware is reported and understood can help weaken the foundations on which these criminal enterprises rely.

Read the report below.

This report is a part of the Pharos Series, a new series shedding light on cybersecurity and emerging technology challenges. The series aims to offer clear expert insights helping policymakers, researchers, and practitioners navigate evolving threats.
