A public victim listing tied to MoneyMessage raises the familiar ransomware question: not whether a name appeared online, but whether sensitive client records were touched at all.