
There's a tiny bit of hope in there. The article claims that bots are polling CNC about once an hour (I suppose because they don't want to DOS themselves). So one option is to shift your service to a different domain name every hour, and notify your customers by email that they have to connect to a different host. This might be a lot of trouble, but may still allow you to support existing business relationships, which is better than nothing.

It gets even better if you're publishing through a mobile app - that one can simply switch from one host to another on the fly without the customer even being aware of the problem beyond a slight delay in connection. The list of hosts would need to be distributed out of band as a tiny payload, either through a high-cost high-bandwidth channel (but in a very low volume, obviously, just the name of the new host), or via DNS TEXT records so that they are hard to decipher reliably and require custom programming and raise the cost of the attack. There might even be hosts that will hold your alternate host list for free, such as the iTunes App Store (app description or even an in-app purchase "description" field).

Speaking of high-cost high-bandwidth providers, I think another option would be to host a CAPTCHA there, and those who solve it, or have cookies to prove that they did, or have logged in with a valid account, get redirected to one from the rotating lists of your normal hosts, with names and IP addresses changing every few minutes. An AJAXy application can then try different hosts in turn or in parallel before following a link.
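
Added example, not part of the original comment: a client-side check for the out-of-band host list described above, so that a forged or stale record cannot redirect clients before they fail over between hosts. The record format, the HMAC tag, the key and all host names are constructed assumptions; the DNS TXT lookup itself is left to the app's resolver and the record is passed in as a string.

```python
import hashlib
import hmac

# Assumption: key shipped with the client. A production app would verify a
# public-key signature instead, since an embedded HMAC key can be extracted.
LIST_KEY = b"constructed-demo-key"


def sign_host_list(hosts, expires, key=LIST_KEY):
    """Publisher side: build the TXT record payload (constructed format)."""
    body = f"v=1;exp={expires};hosts={','.join(hosts)}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body};sig={tag}"


def parse_host_list(record, now, key=LIST_KEY):
    """Client side: return the hosts, or raise ValueError if the record is
    unsigned, forged, or past its expiry time."""
    body, sep, tag = record.rpartition(";sig=")
    if not sep:
        raise ValueError("missing signature")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Verify before parsing so unauthenticated input never reaches the parser.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        raise ValueError("bad signature")
    fields = dict(item.split("=", 1) for item in body.split(";"))
    if fields.get("v") != "1":
        raise ValueError("unsupported version")
    if now >= int(fields["exp"]):
        raise ValueError("host list expired")
    hosts = [h for h in fields["hosts"].split(",") if h]
    if not hosts:
        raise ValueError("empty host list")
    return hosts


def pick_host(hosts, is_reachable):
    """Try hosts in turn and return the first one that answers, else None."""
    for host in hosts:
        if is_reachable(host):
            return host
    return None
```

The expiry field bounds how long a captured record stays useful, which matters when host names rotate every hour or every few minutes.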




My reading was that their C&C monitoring stuff was polling once an hour, not the bots themselves.



