Come on, that was a stress situation, their data center was shared and many other companies were feeling the pain. Yes I would also tell them "don't do it", but they made a decision under very high pressure from many sides at once. They since started protecting themselves and I'm sure they won't pay anymore now. I don't see why people keep bringing this up with all the positive things they also do.
By the way, the party that initiated the ddos did stop the attack but a much bigger one took over. Probably state sponsored.
https://arstechnica.com/security/2015/11/crypto-e-mail-servi...