Re: Clueless and pointless
I work at one of the retailers concerned (and was very directly affected by these attacks).
Judging by the language in the email my guess would be that the attacker is almost certainly not from the UK, quite likely eastern Europe somewhere - so $4000 dollars might go a bit further. Unfortunately it would be very difficult to track them down; email communications were through an email anonymising service in Switzerland, and the bitcoin wallet address we received has zero transaction history and was likely created for the purpose.
Naturally we didn't and won't ever pay up for something like this. Apart from anything else, although the attacker promised that when paid they would 'never come back', we have no reason to believe them, and you have to suspect that if you coughed up once your name would be passed around as a target which 'might pay up' in future threats. Plus, damn the little greedy script kiddies, not giving them any satisfaction.
The attacks on us at least were quite significant and caused some major headaches not just for us but for upstream providers, and likely had knock-on effects on others connected to the same infrastructure. The disturbing thing really is how easy this kind of thing is for someone with relatively little technical ability to instigate, relative to how much work is involved in defending yourself from it.