Financial companies are facing extortion threats from hackers who threaten to knock their websites offline unless firms pay tens of thousands of dollars, an FBI agent told MarketWatch Thursday.

More than 100 companies, including targets from big banks to brokerages in the financial sector, have received distributed denial of service threats since about April, says Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI’s New York office. With these types of attacks, known as DDoS, criminals jam websites by flooding them with useless traffic.

Read:The financial industry’s biggest cyber fears

The ransom requests typically run in the tens of thousands of dollars and in some cases, the companies have paid up, Jacobs said. If firms have already traced the ultimatums to identify likely culprits, they can determine whether those criminals have historically followed through with threats or backed off if a target doesn’t pay up. In some cases, when companies fork over cash, they end up facing further attacks because they proved they’re willing to engage.

“There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs says. He says not all targets have experienced actual attacks.

Also read:New ransom demand: Pay us in bitcoins

A distributed denial of service outage could mean losses of more than $100,000 an hour for financial companies, according to Neustar, a Sterling, Va.-based information services and analytics company.

Banks faced an onslaught of DDoS attacks in 2012 and 2013. Last year, the Federal Financial Institutions Examination Council, which includes five U.S. banking regulators, issued a six-step requirement that institutions must follow to fight these cyberattacks, including monitoring Internet traffic to detect assaults and building incident-response plans to communicate with the sector, Internet providers and customers.

In January, hackers released the information of about 30,000 clients after Banque Cantonale de Geneve in Switzerland refused to pay a $12,000 ransom, according to Bloomberg.

Don’t miss:6 ways the banking industry could improve on cybersecurity

Jacobs says the FBI does not advise or direct firms as to whether or not to pay the attackers or let their websites go down.

“How important is that access to that website to your business? They have to make their own calls,” Jacobs says. “If you’re a discount broker and that’s the only way your customers can trade, that would be a concern. If it’s just a website that’s used for general news and information, maybe it’s not so difficult to have it down for an hour or two.”

Read:Why your money may be safer with small banks