I recently helped out a site owner who’d been sent an email that said something along the lines of the following (I’m paraphrasing here, but you’ll get the gist):
We [insert hacker team name] have chosen your website for our next DDoS attack. Your site has been hacked and your data is no longer secure. We have your address, credit card details, DNA, medical records, etc. We will publish information to damage your business and attack your servers unless you pay us [x] bitcoins. This attack will start on [insert date within 48 hours of email]. If you do not pay we will destroy your reputation and your website will remain offline forever. There is nothing you can do to prevent this. This is not a hoax. Payment details are as follows, etc.