I heard a story of a person who's laptop got encrypted with ransomware and had to pay 1 BTC to get the key to decrypt it and gain access to his laptop. The police with experts were brought in. They paid the 1 BTC but they used a very low fee. The attackers saw the unconfirmed transaction and sent the key to decrypt the laptop. When they received the key, the experts removed the Bitcoin transaction.
Great story, but I haven't been able to verify it. I'm very interested in the last part if that is possible. If you would choose the lowest fee, wouldn't miners ignore this, but nevertheless it would still be in every mempool on every node I guess?