Paying is never a guarantee, and if you pay a ransom, you’re always at the discretion and risk of the attacker.

The only thing this changes is that if you know the specific software that encrypted and if it’s known publicly that it can not decrypt and if you know about that is that you know paying won’t allow for decryption.

It’s the same for paying so they don’t disclose and share exfiltrated data. They’re already doing illegal immoral activities, and you’re hoping they will follow your agreement when you pay. But there’s no guarantee.

This is why the general public guidance is to never pay ransoms. It supports those industries, gives you no guarantees on fulfillment, and whether fulfillment occurs or not, whether your money was not only wasted but will be used for further damage elsewhere, can be considered entirely random.

The attacker’s goal is always betting on despair of the victim, on their grasping on even minuscule hope and at great expense.

Links to two years ago. Surely jpg png or bmp parsers had security issues whatever years ago as well?