Yes I have the same suspicion. It is way harder to maintain a certain volume of DDOS, and some people use services to keep them online during a DDOS. Spending your time on a single action, encrypting, and keeping a company hostage without further energy I think is more, what's the word, efficient for those bad actors.