It is sort of scary, but I had a pretty good idea about what the password might be. After I contacted the service, I got the coins the next day. I used a Protonmail address for communication and stayed anonymous. The replies were only signed “Dave Bitcoin”, so the service stayed pretty anonymous too.
“That guy” has only 10 guessing attempts (and I believe he’s already used about 8 of them) before the drive locks down and reformats itself as oppose to having infinite number of tries with some clues in regards what the characters in the passwords are.
As an FYI, for someone somewhat technically savvy, this isn’t too hard to do by yourself. Just run Kali Linux in a VM or as a LiveDVD and look up some tutorials on using the tools available on there to brute force passwords. This is undoubtedly what they are doing and taking a high percentage of your coins for very little effort on their part.