I think their biggest mistake was to pay the ransom to someone who was abusing your servers by DDoSing them. I'm sure there would be cyber crime agencies that could have helped them track them down. Also, a lot of ddos protection services available online who could have helped them mitigate the attack.