It is virtue signaling, especially considering the fact that doing the hard to swallow thing of paying the ransom would probably be the best outcome from a customer perspective.
Yes there are negative externalities in funding ransomware operations, not paying is still much more likely to hurt your customers than paying.
Doing the positive externality thing at expense of your bottom line is to be praised. It is not ‘virtue signaling’ - it is actually doing a virtuous thing.
Very small positive externality at the expense of their customers. Probably doesn’t even come close to balancing out.
Besides, if they were genuinely interested in positive externalities they would be spending the money lobbying for a ransomware payments ban and not donating to universities.
Paying ransomware fines is never the smart move to do unless you happen to trust what cyber criminals tell you.
You send them the payment, they tell you they deleted the data, but they also sell the data to 10 other customers over the dark-web.
Why would you ever trust people who are inherently trustworthy and who are trying to screw you? While also encouraging further ransomware crimes in the future.
Yes there are negative externalities in funding ransomware operations, not paying is still much more likely to hurt your customers than paying.