Question:

How can I deal with a cyberattack that compromised my personal data and extorted me for money?

I received an email from an unknown sender who claimed to have access to all my email accounts, passwords, and computer screen. They attached a screenshot as evidence and demanded 1200$ in exchange for not leaking my information. I am very worried and unsure how to proceed. What are the best steps to take in this situation?

Answer:

Cyberattacks are becoming more frequent and sophisticated, targeting individuals and organizations alike. One of the most common forms of cyberattack is ransomware, which is a type of malware that encrypts the victim’s files or locks their device and demands a ransom for the decryption key or the unlock code. Another form of cyberattack is phishing, which is a fraudulent attempt to obtain sensitive information such as usernames, passwords, credit card details, or bank account numbers by impersonating a trustworthy entity in an email, text message, or phone call.

If you have received an email from an unknown sender who claimed to have access to all your email accounts, passwords, and computer screen, and demanded 1200$ in exchange for not leaking your information, you may be a victim of a phishing attack. The attacker may have obtained some of your personal data from a previous data breach or a malicious website, and used it to make their email more convincing and threatening. They may have also attached a screenshot of your computer screen as a proof of their access, but this could be a fake or a generic image that they send to many potential victims.

The first thing you should do in this situation is not to panic. Do not reply to the email or click on any links or attachments in it. Do not pay the ransom or provide any personal or financial information to the attacker. There is no guarantee that they will keep their promise and not leak your information or ask for more money. In fact, paying the ransom may encourage them to target you again or sell your data to other criminals.

The next thing you should do is to secure your accounts and devices. Change your passwords for all your email accounts and other online services that you use, especially those that contain sensitive or valuable information. Use strong and unique passwords for each account, and enable two-factor authentication if possible. Scan your computer and other devices with a reputable antivirus software and remove any malware or suspicious files that you find. Update your operating system and applications to the latest versions and install any security patches. Backup your important files to an external hard drive or a cloud service, and disconnect it from your computer when not in use.

The final thing you should do is to report the incident and seek help. Contact your local law enforcement agency and inform them about the phishing email and the ransom demand. They may be able to investigate the source and the identity of the attacker, and prevent them from harming other victims. You can also report the incident to the relevant authorities or organizations that deal with cybercrime, such as the Federal Trade Commission (FTC) in the US, the Action Fraud in the UK, or the Anti-Phishing Working Group (APWG) internationally. You may also want to consult a professional cybersecurity expert or a lawyer for further advice and assistance.

Dealing with a cyberattack that compromised your personal data and extorted you for money can be a stressful and frightening experience, but you are not alone. There are many resources and support available to help you recover and protect yourself from future attacks. Remember to stay calm, act quickly, and seek help when needed.

— : [What is ransomware?](https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html) : [What is phishing?](https://www.kaspersky.com/resource-center/definitions/what-is-phishing) : [Should you pay a ransomware demand?](https://www.zdnet.com/article/should-you-pay-the-ransomware-demand/) : [Report phishing emails](https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams#report) : [Report a phishing attempt](https://www.actionfraud.police.uk/a-z-of-fraud/phishing) : [Report phishing](https://apwg.org/report-phishing/)