incrediBILL - 5:50 pm on Oct 20, 2010 (gmt 0) [edited by: incrediBILL at 5:55 pm (utc) on Oct 20, 2010]
What would you do?
I've been DDOS'd more than a few times so this is old hat ;)
First, I'd find a better host that can mitigate a DDOS instead of just moving you to the "high performance server". Any host worth their salt should be able to put a stop to this unless it's using a very large botnet without repeating IPs, and even then it may not be that complicated depending on the nature of the attack. Why I say move to a better host isn't because of your attack, imagine they attack someone else on your shared server or on the network. If these guys can't mitigate your attack then you'll suffer when some other site is attacked as well.
Second, I'd report it to the FBI cyber crime unit [ic3.gov] as an extortion attempt.
Lastly, ignore them. They'll get bored and move on.
You might lose a few dollars but it's cheaper than caving to extortion because extortionists might return to milk you again, and again, and...
[edited by: incrediBILL at 5:55 pm (utc) on Oct 20, 2010]