But today — a full five days before the ransom demand came due — the company struck back, going public with the demand and promising to withstand any attack criminals attempted. “We apologize for any disruption as a result of these attacks; please know that we will do everything in our power to thwart them,” the company wrote in a blog post today. “But let us reiterate: no matter what happens, we simply will not pay these garden-variety thugs.” (The line was later removed.)
It’s a common scheme for web criminals, who often see small services as more likely to comply with the demands. In recent years, similar attacks have targeted Meetup, Feedly, Fastmail, and even Greek banks, often demanding higher and higher sums the longer sites wait to pay. There are a number of paid and open-source protections against denial-of-service attacks, but unpatched servers and other devices have made it easy for criminals to keep pace, ever larger attacks in recent years.