Get out of there.
Is it legal - read their TOS. Most likely it was discussed there, so yes, it is legal.
Is it normal - no.

As discussed above - read the TOS. Ask for a backup. Apparently you have an OpenVZ container, you might be able to trade the vzdump archive from them.
However, strange. What kind of load do they mean: on the network, on the disk, on the processor?
Certainly. if you had dd constantly working there or you were mining bitcoin, I can still understand the hoster, but if I were them, I would provide at least some data.

Let them provide the facts of the loads and point to the points in the TOS where the limits are stipulated, etc. In a word - there must be a rationale.

What do you mean by the fact there was no load?
You were ddosed, you overloaded the server and exceeded the limits, you were disconnected.

Is the hoster's actions legal?

Yes, it is legitimate for all cheap VPS, although there are cases when the dediks are turned off, but it is necessary to please under a very serious DDoS or be the source of attacks on purpose or not.
Can you provide logs for monitoring network load, CPU time and disks? Most likely there was a load and not a small one, disconnecting the client = losing it - this is an extreme measure that any hoster is reluctant to take. If you don’t get rid of the reason for blocking, the new hoster will block in the same way, it’s not profitable for him to lose another dozen clients for the sake of you alone, who are buggy due to an attack on you, just because they are on the same node with you.
What to do?
1) Ask the old hoster to open temporary access to the machine for downloading backups, or let them return the image of the virtual machine themselves.
2) Ask the host to provide information on the type and extent of the attack (Very important, without this and your monitoring, you will again move very quickly)
3) Restore data from another host and configure it so that the alleged attack does not cause overload, or ask hosting engineers to do it for you (for cheap hosters - it's for money, for expensive ones per share on a ticket)
4) Set up monitoring of the host yourself .
5) In case of attacks, have an AntiDDoS office in mind to go under protection.
6) It’s not trite, but polite to treat engineers on the side of the hoster, so you can get good advice and help in case of problems, there are also people there and it’s also unpleasant for them to conflict with the client, conflicting clients are usually shoved off to interns and dealt with accordingly, so that to get further FLS does not shine.