Yes, otherwise people would stop paying them. However, I wouldn't be surprised if once they make enough money, they do a type of exit scam: sell anything they can, then leave the business. It happens often in dark net markets.
Most stolen data is very hard to sell for meaningful amounts. Such an “exit scam” would be a waste of time, you’d make more money by just ransoming one more company.
When you’re earning (tens of) millions by extorting companies you aren’t going to be very interested in selling their data for tens or hundreds of thousands.
True, it's probably not worth the time unless they've stolen some very valuable data. Obviously things like plastic surgery pics wouldn't be worth much of anything.
Depends on the clients. I remember a case where a family that hid their daughter's cosmetic surgeries had the marriage annulled when it was discovered by the groom's much wealthier family.
So a lucrative target might be someone who traveled from outside the US to have work done to hide it, especially if they were relatively young.
It’s always possible to come up with an extremely unlikely scenario where the data would he be extraordinarily valuable, but nobody is going to bet hundreds of thousands (or millions, to actually make it worth it for the ransomware gang) to buy the data.
