I think their biggest mistake was to pay the ransom to someone who was abusing your servers by DDoSing them. I'm sure there would be cyber crime agencies that could have helped them track them down. Also, a lot of ddos protection services available online who could have helped them mitigate the attack.
how did they know that they are paying the right group who attacked them and how did they know that the BTC address is for the attackers