Security researchers noticed a new twist in a recent spate of distributed denial-of-service (DDoS) attacks, in which servers are overwhelmed to knock a site or service offline.

This rash of incidents, known as memcached reflection attacks, has included ransom demands hidden within the attack payload, researchers at internet services company Akamai revealed in a blog post Friday.

These ransoms include a demand for the cryptocurrency Monero roughly equal to $18,000 tucked in a random string of code, along with the address to the attackers' digital wallet.

DDoS attack perpetrators often attempt to extort their targets, but they run into a barrier: the victim's spam filter. This new method of ransom delivery ensures someone, like a security analyst investigating the event, is more likely to see it.

“It’s actually like a DDoS attack with a phishing attack with an extortion attack all rolled into one,” Chad Seaman, a senior engineer on Akamai’s security intelligence response team, told Fortune. “When we saw it we were like, huh, clever bastards.”

Researchers aren't sure if anyone has paid these ransoms yet. Most security experts recommend that you don't pay up. That includes the security researchers at Akamai.

"If a victim were to deposit the requested amount into the wallet, we doubt the attackers would even know which victim the payment originated from, let alone stop their attacks as a result," wrote Akamai researchers. "Even if they could identify who'd sent the payment, we doubt they'd cease attacking their victim as it was never really about the money anyways."