Am I crazy in thinking that there's zero chance Github would pay a "ransom"? Seems like they'd just work with their vendors/providers and mitigate it to avoid setting that precedent (making them even more vulnerable to future attempts).
The attacker's bet is that they can apply pressure beyond the victim's ability to mitigate. If they win that bet, the victim may reach a point where paying out is preferable to the lost business they'd suffer because of the attack.
