
I am not sure that being able to trigger the deletion of all data in one sweep would be of any interest to the attacker. Firstly, if they simply chose to stop ransoming decryption keys, the encrypted data would effectively be deleted anyway, and secondly, deleting the data would foreclose on any prospect of further gains from the attack.


"Due to interference, we are no longer able to process unlock requests. Goodbye."

It's probably easier, as you point out, to have the virus delete its keys and wipe itself out. (And has the added benefit of taking some forensic info with it.)

But in a marketing sense, blaming people interfering with your network for the lost data may make you safer, as many victims are likely to prefer you extorting them to the good guys causing data loss by stopping you.

Being a criminal is all about customer service.


Some people just want to watch the world burn


In this case they would have activated the domain themselves later and caused even more damage.



