you need to know all of the hosts that have that file (not always public knowledge)
You merely need to download the file over and over... which causes the renter to run out of money. Same as a DOS attack downloading a web page.
The person doing the downloading is the one paying for the bandwidth; you pay for them in the same network connection. Downloading a file does not take funds from the renter, otherwise the host could just lie about who had downloaded the file (or download from themselves repeatedly from a cheap local connection). No DoS attack here.
forcing attackers to spend significant monetary resources executing an attack.
Attackers always spend the same money that legitimate hosts spend. The "attacker" here is running completely legitimate, full copies of the protocol. The only difference is that they are running multiple docker containers on the same machine... rather than running on multiple machines. There is simply no way to know that outside of IP. Just like a DOS attacker runs a fully legitimate client, so too a Sybil attacker runs a legitimate server.
You are misunderstanding how the Sybil defense mechanism works. Having multiple VMs, or even multiple full machines on different IP addresses, is not sufficient. You also have to have a history of burning coins, and there's a linear relationship between how many coins you've burned and how likely a renter is to select you. If you want to be as likely to be selected as a 10,000TB host, you need to burn enough coins to keep up, and they are (per the siafund fee) burning approximately 10% of their income.
And if you actually have 10,000TB, you haven't performed a Sybil attack at all; you're outright a legitimate node on the network.
You can leverage identity to manage the Sybil attack as well, but right now the only real solutions to identification that we have are all centralized in some way. Burning coins is decentralized.
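The burn-weighted selection described in the comment above, worked through as an added example (not part of the original thread and not Sia's code). It assumes a host's selection weight is directly proportional to its burned coins and that each host slot is an independent weighted draw; the burn amounts, the 3-slot file and all function names are constructed for illustration.

```python
from fractions import Fraction
from math import comb

# Constructed sample: 50 honest hosts that have each burned 100 coins.
HONEST_BURNS = [100] * 50

def sybil_share(attacker_burn, identities, honest_burns):
    """Summed selection chance of `identities` Sybil hosts sharing one burn budget.

    Assumption: a host's selection weight is directly proportional to its burn.
    """
    total = attacker_burn + sum(honest_burns)
    per_identity = Fraction(attacker_burn, identities)
    return sum(per_identity / total for _ in range(identities))

def p_at_least(slots, needed, share):
    """P(attacker fills >= `needed` of `slots` host slots).

    Assumption: each slot is an independent burn-weighted draw.
    """
    return sum(comb(slots, k) * share**k * (1 - share)**(slots - k)
               for k in range(needed, slots + 1))

def burn_for_share(target_share, honest_burns):
    """Coins an attacker must burn to hold `target_share` of total weight."""
    if not 0 <= target_share < 1:
        raise ValueError("target_share must be in [0, 1)")
    return target_share * sum(honest_burns) / (1 - target_share)

if __name__ == "__main__":
    # Splitting one budget over more identities leaves the total share unchanged.
    for ids in (1, 10, 1000):
        share = sybil_share(500, ids, HONEST_BURNS)
        print(f"{ids:>4} identities, 500 burned: share={share}, "
              f"P(>=2 of 3 slots)={p_at_least(3, 2, share)}")
    print("burn needed for half the weight:",
          burn_for_share(Fraction(1, 2), HONEST_BURNS))
```

Under these assumptions the number of identities drops out entirely: only the total burn moves the attacker's share, and identities with no burn history get no weight at all.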