I got an email threatening to DDOS me if I don't pay a ransom. What should I do?

This article might be important for you: https://ca.news.yahoo.com/armada-collective-ddos-threats-were-212413418.html

Someone has been copying the Armada Collective's email content to scare people into paying, but no attacks have been recorded.

So, possibly, you don't have to do anything.


Based on the following article you may simply want to ignore it. This seems to be a common scam and your e-mail looks almost exactly like the one from the following article.

http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/

Look up the source ISP of the service provider that sent the e-mail and contact their abuse team [email protected]. They may disable the source of the e-mails or alert the unsuspecting customer that may own the machine. Notifying the source ISP is helpful to reduce the amount of this. Make sure you send them an e-mail with full headers. If the source appears to be a compromised system at a large company, I would notify them in addition to the ISP. Do this by CC'ing both the company and the ISP at the same time for fastest results. Keep in mind some malicious systems may also be impersonating a compromised host even though it's not, so notifying the ISP may actually be more important than notifying the owner of the system.
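
An added example, not part of the answer above: one way to pull the address worth reporting out of the full headers. It returns the IP that your own mail server recorded for the connecting host and ignores older `Received` lines, which the sender supplies and can forge. The hostnames, networks and sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample headers (documentation IP ranges). Newest hop comes first.
SAMPLE = """\
Received: from mx.victim.example (mx.victim.example [10.0.0.5])
\tby mailstore.victim.example with ESMTP id A1; Mon, 25 Apr 2016 10:00:03 +0000
Received: from mail.sender.example (unknown [203.0.113.77])
\tby mx.victim.example with ESMTP id B2; Mon, 25 Apr 2016 10:00:02 +0000
Received: from bigcorp.example ([198.51.100.9])
\tby mail.sender.example with SMTP id C3; Mon, 25 Apr 2016 10:00:01 +0000
From: sender@sender.example
Subject: constructed sample

body
"""

# Assumptions: the mail servers you run and the networks they sit on.
TRUSTED_BY = {"mailstore.victim.example", "mx.victim.example"}
TRUSTED_NETS = ["10.0.0.0/8"]

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def reportable_source(raw, trusted_by, trusted_nets):
    """Return (ip, claimed_name) of the first outside host seen by our own server."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):
        m = HOP_RE.search(hop)
        if not m:
            continue
        if m["by"].lower() not in trusted_by:
            break  # header written by a server we do not run: cannot be verified
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        if any(ip in n for n in nets):
            continue  # internal relay between our own servers
        return str(ip), m["helo"]
    return None

if __name__ == "__main__":
    print(reportable_source(SAMPLE, TRUSTED_BY, TRUSTED_NETS))
```

The bottom `Received` line naming `bigcorp.example` is never used here, because nothing you control vouches for it.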


Ignore it.

Cloudflare themselves have stated that these are fake - see https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/. I highly recommend that you read this article, as it is a very clear explanation from the front line. The Armada Collective is a real DDOS group, but some con artists are just using their name to try to scare people. The Bitcoin address is apparently the same on all their emails, which means that they will never know who has paid them.
It is possible to track the amounts paid to a Bitcoin address and it seems they have made over $100K from this scam!

Bottom line, DDOS threats should be backed up by proof (perhaps a DDOS of 15 mins) before you pay up.

EDIT: Just to clarify as it seems from the comments that I wasn't clear enough.
I don't mean to give an opinion whether payment should be made or not. Always have good security, and if a threat causes you to decide to spend money - either by paying the demand or by purchasing DDOS protection that you wouldn't otherwise need - check that the threat is legitimate first by demanding more proof than what might be just an empty threat.