[tyingq]

"Also gitsbackup.com is registered but has no A/MX records so..."

Gitlab should really note that in their blog posts and emails to users. Just in case someone is thinking of paying the ransom.

[sytse]

We agree that paying a ransom doesn't guarantee any further actions on the part of the attackers. But in our blog post we want to stick to what we know and can influence and not talk about an external DNS record that can be added at any time.