Networking site Meetup.com is fighting a sustained battle against cybercriminals who are demanding a mere US$300 to call off an attack that has kept it offline for much of the past four days.
The site, which enables strangers to meet for sharedinterest activities ranging from parents' groups to software development, was back online but still under attack late on Monday, Meetup chief Scott Heiferman said.
Meetup has refused to pay the small ransom as it believes doing so would make the perpetrators of the attacks demand more cash.
"It's a cat and mouse game," Heiferman said, adding he was not yet sure how long it would take to get the website working reliably again.
A Meetup blog had earlier said the company was a victim of a distributed denial of service (DDoS) campaign, a type of attack that knocks websites offline by overwhelming them with incoming traffic. It said no personal data, including credit card information, had been accessed.
The FBI has been investigating the attack since late last week, when the assumed criminal group first offered to call it off if Meetup paid US$300.
"We made a decision not to negotiate with criminals," Heiferman said in the blog post. "Payment could make us (and all well-meaning organisations like us) a target for further extortion demands as word spread in the criminal world."
Meetup has almost 17 million members and, when online, was signing up between 15,000 and 20,000 people every day.
The site represents a soft target for online criminals, who often attempt to extort money from companies in return for calling off DDoS attacks, said Kevin Johnson, head of cybersecurity consultancy Secure Ideas.
"It's very common for this sort of attack to start off with a small demand," Johnson said. "It's not like Meetup can write a cheque for a million dollars."