Welcome back to the board! I'm truly sorry to hear that you have had to go through such a distressing and invasive issue -- and sadly one that is all too common with the wide variety of attack methods and bad actors prowling around.
I'm sure you may already know most of this, but just in case I wanted to provide some advice to help guard against such attacks. Please keep in mind that the following is more severe than what I'd recommend in general due to the severe extent the attacks you encountered reached.
- If financially feasible, you should get rid of all of your electronic/digital devices that experience network, internet or cellular connectivity of any kind (including peripherals like bluetooth). This includes even things like your internet router. These should all be disposed of and replaced with brand new devices.
- If not financially feasible (which is totally understandable, I know I couldn't afford that) then you should take every step possible to clean and secure every device. This can start out with more conventional approaches such as doing a full virus scan (using multiple products, but only one on/used at a time) and supplementing with things like VirusTotal analysis, but may require more specialized tools to analyze and scrub rootkits or other very specific malware.
- In the case of your internet router, you may want to research specific steps to defend your router against threats like VPNFilter. You may also want to check if you have a CPU that is currently vulnerable to Meltdown, Spectre, or similar highly specialized strains of malware, and take appropriate action.
- Backup all of your data in multiple locations (e.g. online backup service + offline storage drives locked in fireproof safe + conveniently-accessible local backups on USBs) keeping in mind the unique security risks and pros/cons of each. But when it comes to backups, redundancy is key, so have as many backups in as many different secure locations as possible.
- Ensure that all accounts are fully secured with brand new passwords. Each account should have a unique password, so no password should be used more than once. Wherever possible, every account should have 2-factor authentication enabled. This is essential to do for every account, including your email accounts. Your computer itself should have one or more stages of authentication enabled as well as taking any necessary steps to harden against remote access. When using 2FA, it's also essential to avoid text-based 2FA whenever possible due to the SIM-swap attack vector. You can defend against this by using 2FA apps like Google Authenticator whenever possible, or even better investing in a device like a Yubikey to move the 2FA step away from phones altogether. When text-based 2FA is the only option, you can still take steps to defend yourself like contacting your cell service provider and requiring that no one have authorization to request SIM card related service requests or anything involving phone number changes over the phone, and that such things can only be done by you going to a service provider's store in person and providing multiple forms of identification.
- Change all of your personal contact details (phone number, email addresses, etc) and share that information with as few people as possible, and with those you do share it with, make it clear that your privacy is to be respected at all times.
- Lock down social media accounts as much as possible so that as few people as possible can view your information, posts, etc.
- Never download any file unless you are 100% sure it's safe and you 100% trust the individual, organization or company supplying the file, as well as the web service hosting the file. All downloaded files, regardless of trust level should be scanned locally with at bare minimum a primary antivirus product and a backup 2nd opinion scanner, as well as ran through VirusTotal. When further caution is required, you can consider running the application within an amnesic isolated environment such as Sandboxie, or a network-isolated virtual machine instance. If you have no choice but to open a file that may be dangerous, it should be ported to a physically isolated testbed computer that is completely disconnected from any and all wired or wireless networks, bluetooth, z-wave devices, and so on such that any potential malware would be unable to communicate with any of your other devices or the outside world.
- Never click on any links unless you 100% trust where it leads, keeping in mind that links can be easily masked using page data manipulation, link shortening services, link redirection services, and many other techniques. Also be wary of man-in-the-middle attacks that can steal information by interjecting maliciously betwixt you and a legitimate service.
- Never give anyone information unless they absolutely need that specific information for a purpose that serves you or otherwise makes sense. Always report suspicious behavior or activity to law enforcement.
- Take extra care to protect any and all financial accounts and financial matters from tampering and snooping. In addition to any technical measures, this should always include reaching out to your financial institution(s) to put in place as many safeguards/notifications/etc as possible at every level.
This is by no means an exhaustive or comprehensive list, just some of the main things I could think of off the top of my head. I wish you the best with recovering from this and I hope that you never have to deal with such a thing ever again.
Take care, be vigilant, but most importantly have peace in the knowledge that you have overcome this situation and bested any attackers. Not only did they lose in this instance, but they lose many deeper things throughout life as a result of the path to ruination they forge for themselves with the choices they make. I look forward to seeing you around the forum.
