What makes you think they're going to keep their word? You're not signing a contract here, these are criminals! All you're doing is showing you're a soft touch. They'll be back, and they'll demand more money. They'll probably tell their friends, too. Not to mention the moral aspect that by giving in to these people you are directly funding crime.
OP didn't solve the problem and judging by the summary he doesn't believe to have solved the problem by paying up - but hedid buy time to set up infrastructure so he can actually refuse payment on the next collection round. Even if the OP he does ultimately decide to go with the Rackspace solution his $400 investment has saved him $4500 in hosting fees.
How would you have reacted in his situation? And no, "I would have planned ddos protection when setting up the site several months/years ago" does not count. .
The choice is between either paying the $400 in the hope that it will buy you enough time to fix the issue or not to pay and possibly lose out on several days worth of revenue (plus the damage to your reputation - customers don't like companies that provide no or only severely degraded service) while you scramble to find a solution to the on-going ddos.
The submitter might have made a mistake by responding to the demand in the first place - maybe the extortion attempt was not as targeted as he believed it to be and no reaction would not have resulted in a DOS... but that's speculation. Once the DDOS was under way that option was no longer available.
Maybe get off your moral high-ground (not wanting to support crime, never giving in to blackmail out of principle, ...) and do a proper cost/benefit analysis...