Good reasons not to give in to cyber-blackmailers

The platform meetup.com, „the world’s largest network of local groups“ as it calls itself, recently was hit by a distributed denial-of-service (DDoS) attack. Meetup’s co-founder and CEO Scott Heiferman described the course of events, attacks and countermeasures in a blogpost. It all started with this email that he got:
„A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer.“
Heiferman chose not to pay for several reasons that can serve as good advice for other cybercrime victims. He explains them:
„1. We made a decision not to negotiate with criminals.
2. The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay. We believe if we pay, the criminals would simply demand much more.
3. Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world.
4. We are confident we can protect Meetup from this aggressive attack, even if it will take time.“
After three days the attacks stopped. The platform is stable again.