Scammers are now contacting websites demanding a ransom, or else they will report the site for spamming.
So far it seems to be the usual "pay up or we'll ... well, do nothing and try another victim" routine. It just seems to be a cash grab with no actual activity behind it.
(Not that blackhats can't make a nuisance of themselves, of course. Over the years a number of my email addresses have been repeatedly reported to blacklisting sites in an attempt to shut them down. One of my most common addresses is pretty much completely blocked on GMail unless you whitelist it ...)
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of