These types of extortion scam emails are the hot thing with all the mega-breaches in the past years. There are freely available lists on top of lists of username/password combos out there.
The scammers send 1000's of emails and hope for a 1% success rate. It's a mostly automated process so there's very little investment to get started.
Check this site if you want to know the skinny if one of your accounts was leaked on the internet to be used for this scam,
https://haveibeenpwned.com/
If you find a password you're currently using there,
change it immediately even if it's not from the website or breach indicated by haveibeenpwned.
Last thoughts, I advise my clients to ignore this and other email scams and to NEVER pay a ransom if you happen to be the victim of a scam that encrypts your computers data.
Contact a professional to potentially retrieve your lost data, they might be aware of a decryption method for your particular strain and AS A LAST RESORT, many times he or she will be able to negotiate a lower ransom. A professional will be able to advise and act as your proxy for the transaction, further removing you from the bad guys.
Hope this helps even though I started to ramble a bit.