Comment by jacquesm

Muggers are typically not going to come across the same victim twice and word does not spread that you are 'an easy mark'. So the advice to people being mugged is to simply give your stuff rather than to try to put up a fight.

But extortion is different than mugging. See, in extortion you have a perceived weakness other than that you fear for your life and that weakness has subscription possibilities, unlike mugging people. For instance one simple defence against muggers would be to have nothing on your person. Hard to mug you in that case. But since the ransom victim can't really change the nature of his business (short of removing themselves from being online) they will always be open to a replay.

Individuals are not the parties being extorted here, it's companies with some degree of success and visibility. I pretty much guarantee you that every larger entity online has either been prodded by extortionists or will be prodded in the near future. This is a very large business and everybody that pays makes it a bigger issue because of the perceived easy money drawing in ever more prospective extortionists.

Muggers != extortionists. Blackmailers are extortionists and they always come back until they get stopped through some other means (for instance the authorities) or until you tell them to do their worst.

In the case of one Dutch bank this led to intermittent outages over the course of several weeks but eventually they got things under control and there hasn't been a problem since. If on the other hand they had paid I'm pretty sure that they'd be paying a nice monthly protection fee. "It'd be a terrible thing if something happened to that nice website of yours.", it's just the same tactic as the mob employs against shops.