There are a number of points here that we can learn from and that point to a growing problem that we need to deal with.
One we need to develop a response plan, on the line of our phone threat plan.
Two, we need to set protocols like we do for bomb threats by phone at airports, before we react, or quite possibly over react.Three, we need to report this, as a consultant let me assure all of you reading this, that you (if you have received a threat by email) are not the only one. We need to realize that others are getting this type of threat as well. Email extortion, is almost at an epidemic proportion at this time. Bomb threats, are just another expanded issue. Threats to shut down systems, or steal information are the two most used.
The threats are working, millions of dollars have been paid, most with out any real valid threat, and as the bad guys figure out that it does work, the more are using it. A big part of the problem is no one, wants to report the threat, so bogus threats are expanding, when if we did report them, it would quickly be determined which ones are valid or not.
On the other side, if you do report in many countries to include the US at the moment, you are opening up your organization to a lot of prying eyes from Local, State, & Federal Law Enforcement. Many firms are just paying, considering it a cheaper way to go, than letting in outsiders to review their systems.
There is another way, banks, airports , schools, need to develop contacts with other organizations to report and check with others to see if they are facing the problem. I and I am sure other consultants are seeing a lot of this, and the relief the clients show, when they find they are not the only ones is amazing.
It is a brave new world, simple things like extortion via tweet attacks are happening all the time. You get an email that says, we are going to start a tweet campaign against your firm, if you do not give us ten thousand dollars. Sports figures, Movie Star's even business & Government executives are all targets, and most pay up, not wanting to cause an issue.