- Execution time is critical, so be FAST!
- What was NOT stolen, but may soon be in danger?
- Was any information stolen that
- may allow more assets to be stolen?
- may do more harm?
- Imagine all scenarios!
But do not trust ANY of your devices anymore
- Windows, Mac, Linux
- iOS/Android may be safe if you do not have too many apps installed
STOP USING ALL EXISTING DEVICES and remove any internet access: turn off Wi-Fi, unplug Ethernet cables
- Get a new device (cheap notebook)
- Reuse an old device: boot a live Linux system such as Ubuntu, or use Tails Linux
- Use the browser of another iOS device
You may want to keep all the disks untouched and remove them for later forensic analysis.
For all the services you were using
Use the new clean environment and its browser to secure all services related to crypto
- crypto exchange
Make a paper table to change all services on a new computer
- Replace / change your email password
- Get a new email account
- Change your security questions and LIE in the responses. You don't want a hacker to google that question and find the obvious answer.
- Change all recovery keys / master keys
- Activate 2FA if not done
- Check that the hacker has not added any forwarding rule in your mailbox.
- On some exchanges, e.g. Bittrex, the key stays the same, which is not acceptable!
Verify in another anonymous browser/session:
- that the old password doesn't work anymore
- that the old master/recovery key cannot harm your account anymore
- that 2FA is active
Don't use a possibly “compromised” computer
Give the computer to the police
Create disk images with OSForensic.org if you know how