Comment by if_by_whisky

Vigilante solution: You could automatically send a ransom request any time you see a company getting DDOS'd by an attacker. If the attacker is also asking them for a ransom (so the company gets two ransoms), you ensure confusion and that the attacker doesn't get paid. Otherwise, you might get paid while the attack happens.

This way:

(1) companies that pay ransoms are AWLAYS punished and it never causes an attack to stop (2) no attacker ever gets paid a ransom