Another option would be to add a TXT record with the challenge-response to the DNS. Control of the DNS literally means controlling the domain.
That's a planned feature, sadly it was considered low priority for the beta launch. Hopefully it'll be implemented in the next few months though.
It's a bit unusual that the extortion was paid and the attack continued-- it doesn't perfectly match the typical model of typical DDoS-for-ransom attacks.
Did the attack continue, or did the paid-off attacker stop only to be replaced by a new attacker who also wanted to get paid?
Mr. Smith's salary has increased by 350% over the past 20 years. If his original salary was $22,000 per year, what is his current salary?
First change 350% to a decimal: 350% = 3.5
Next, multiply the original salary by the decimal number: (22000) x (3.5) = 77000
After 20 years Mr. Smith's salary has increased from $22,000 to $77,000 per year.
Didn't his salary increase by $77,000, from $22,000 to $99,000?
To simplify it, if his salary had increased by 100% would that mean he was now making $22,000 (their logic) or $44,000 (my logic)?
Save the whales. Collect the whole set.