Botnets can be used in multiple kinds of cyber-attacks but a common variant is the coordinated DDoS (Distributed Denial of Service) attack. The act of ransoming has been used by cyber-criminals to release a DDoS attack in exchange for money. Such things do happen and considering a small to medium company which may be better off paying cyber-criminals a small sum rather than spending long hours down trying to recover from such attacks. However, I would assume that after such an incident they would put a strong security framework in place as to prevent possible future attacks. As they say, once bitten twice shy! Some organizations loose more revenue in downtime than paying these one off sums and from the business side of things I don’t blame these companies falling for the cyber-criminals requests. However, is it more appropriate if an organization is already prepared to prevent DDoS attacks and stay away from any cyber-criminal dealings!
It is estimated that thousands of control servers managing botnets (groups of infected computers) exist in an ongoing activity by cyber-criminals. DDoS attacks can target various protocols but the most common are HTTP/S, ICMP, and SYN, UDP and DNS floods while modern attacks even go for layer 7 which is the application layer. It is estimated that about 20,000 infected computers with multiple targets could take down over 90% of Internet sites. The image below depicts the motivation behind these attacks: