Some of the smaller email providers seem to be vulnerable to DDoS attacks, and in at least one case the culprits got a modest payday. I say modest, and although $6,000 isn't hay, it pales in comparison to the millions hackers pilfered from banks in the past. Source: Naked Security.
The email service I've been using lately, Hushmail.com, was one of the victims. They were down for days, and their webpage said they weren't going to pay. DDoS attacks are still probably a threat, but at least they got the service back up and running.
Another case involved Protonmail which has in common with Hushmail a stated policy of attempting to protect clients from prying eyes. According to Protonmail's statement, they eventually paid the ransom due to the pressure they were getting from other companies that were tangentially affected due to use of the same ISP.
Email providers like Yahoo are probablly so big that they're basically immune to DDoS attacks. But the smaller outfits can't easily afford the cost of protecting themselves.
According to the aforementioned statement, the expense of protecting themselves runs about $100,000 annually. It's a racket on both ends.