M/A has been subject to these same types of attacks. I won't go into how I defend the site from them now but it costs a pretty penny. I do think at times it is a protection racket.
Here's a plausible scenario: Facebook had been warned about the attack, and when it started they were unable to neutralize it. It took them 30 minutes to pay off the ransom...
Unlikely... Companies like cloudflair have huge operations to defend and filter site traffic for their customers... The main issue is server bandwidth is sold with a base level, but you are given a larger temp volume for short times....and you are billed on about the volume if data used at the 95% perciltile ..by the hour for the month....so the few highest peak volumes are tossed out...and you are billed for the volume.... Issue is.... A "organization" says...we can "protect" you for $100 a month.....it would be s shame to have any issues...you say no... They might DOS you...even if you defend yourself, you use bandwidth...pushing up your hosting cost to the next level.... So you get hit with a $2000 extra data fee...so you bump up your base data plan by 50%...and pay an extra $200 EVERY month cause the folks keep on doing random attacks..... Big companies buy protection from "real" organizations who actively protect their network.... But smaller companies that have servers colocated on leased bandwidth have few good options to avoid a possible huge bill...other than an oversized data plan...becomes a arms race....
I was half joking and didn't seriously believe it. But the dramatic possibilities are endless. We can speculate about whether it was an attempt to take down Facebook that got neutralized, or just a warning shot, "Hey, look at what we can do to you. Next time... "