As reported by ProtonMail itself (archived), the Swiss security theatricians have followed FBI-recommended best practice and caved to the demands of terrorists:
This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just ProtonMail.
At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless.
Public notes (archived) associated with the ransom address indicate that the recipient, euphoric from earning fifteen coins at the nosebleed rate of a minute apiece, has distanced itself from the full attack, even seeing fit to return a couple cents. At press time, despite restoring its website (archived), ProtonMail has not updated its Recent News section to clarify its terrorist negotiation policy. We find this a critical omission, given that they continue soliciting donations "via Blockchain", and recommend that bleeding hearts restrict their support to fiat altcoins and free advice.