Last year there was an emergence of threats of DDoS against financial websites (that eventually broadened to others) under the DD4BC moniker.  Eventually that morphed into Armada Collective with both stopping around December of 2015 with the arrest of a minor in Central Europe.  Starting in March, threatening emails resumed from Armada Collective threatening massive DDoS attacks if a ransom wasn't paid.  Occasionally they would use booter services to deliver smaller attacks threatening larger ones.  Over at CloudFlare, there is a good write up on the latest round of threats.  The short answer is that these latest threats rarely even include the predecessor attack, there is just someone who is spamming people with a bitcoin wallet and hoping to get paid (and unfortunately they are).  The moral of the story is that the actors behind sending emails demanding ransom or DDoS are rarely to be taken seriously.  Don't pay.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Fidelis Cybersecurity