I was notified by Have I Been Pwned that my Name, E-Mail address, Mailing addresses and phone numbers were dumped publicly online as part of the ticketfly.com data ransom involving 26 million account records. Motherboard reports the attacker requested a ransom of 1BTC (~$7500). It's unclear if the request was ignored intentionally, or overlooked. In theory, it would have cost ticketfly.com $0.000288 to protect my customer record. Now the dark web knows I always buy tickets to see They Might Be Giants.
It's common advice that a blackmailer will never stop asking for more money. It's also safe to assume that just because the hacker doesn't publicly dump the data immediately, she/he will still be selling it on the black market.
However this is a low-cost ransom request. Paying the ransom may buy time to fix the vulnerability, and perhaps could have kept ticketfly online. I'm told that venues cannot buy, sell, or verify tickets for concerts this weekend. This is going to cause probably more than $7500 in damage to every ticketfly venue.
I'd would have paid the ransom.
What would you do?