It was raining and Jessica* (name has been changed) had forgotten her coat. She only glanced at her receipt, the two people waiting behind her for the ATM were growing impatient and she was dripping wet. That couldn’t be right, she thought, there was $10,000 missing from their account. Something was off. Maybe her husband had moved money into their investment account, she remembered thinking.

A couple of days later Jessica went online and noticed the account was down an additional $10,000. Suddenly she realized someone had illegally accessed her bank account, but she had no idea that her whole life was now for sale.

When the Federal Bureau of Investigations showed up at their apartment they came loaded with bad news. Someone had hacked into their family network. Jessica would learn the missing money was the least of their concerns. The hackers had specifically targeted her photos, including bedroom pictures she’d taken for a special Valentines present for her husband. Pictures of their four kids were exposed. Perhaps most alarming to the high-powered couple was that their schedules had been swiped. Details of their children’s school drop-off and pick-up with instructions for the nanny, including teachers’ names and door codes were now for sale on the dark web. The FBI explained the only reason someone would want such specific family information was if they were interested in doing something nefarious, like kidnapping the children. Jessica’s heart sank.

It was terrifying to realize someone had stolen information with the specific intention of creating a complete picture of their lives. Soon enough it became clear that the hacker had access to everything.

Jessica and her husband frantically googled ransomware and learned that Symantec classified it as the biggest threat to cyber security. In many early cases the victim’s information was held hostage for a few hundred bucks and then released. In the case of doxware, where the hacker threatens to expose information in the victim’s digital library, the user still has access to their data, but they also know some stranger has it too.

Jessica* and her husband frantically googled ransomware and learned that Symantec classified it as the biggest threat to cyber security. In many early cases the victim’s information was held hostage for a few hundred bucks and then released. In the case of doxware, where the hacker threatens to expose information in the victim’s digital library, the user still has access to their data, but they also know some stranger has it too.

What happened to Jessica and her family is the newest threat. Hackers are using as kind of ransomware to steal personal information, but the criminals don’t try to extort money from the victims directly, as they did in the past. Instead, they sell it to the highest bidder on the dark web. The $20,000 missing from Jessica’s accounts was an indication that the couple’s information had already been sold on the dark web.

The terrified couple had more bad news coming their way. No one would ever be caught or charged with this theft. The best the FBI could offer was to introduce Jessica and her husband to a firm that specializes in retrieving dark web data. The firm would assist them in buying back their data, if it was still available.

Jessica felt like she was in a nightmare. She couldn’t help but recount all the sites she’d visited, naively assuming they were safe. Any of those games she’d downloaded and quizzes she took on Facebook to see what celebrity she most resembled could have been the payload that infected her machine. Her mind raced through those times she took pictures on her phone and then surfed the web; she’d exposed her family.

Jessica vowed to never be the vulnerable to hackers again. The further she got into her research the more she recognized her earlier mistakes. She didn’t know that her Dropbox files weren’t encrypted, or that her chats were easily accessible to hackers.  She started searching for end-to-end encryption products, like SpiderOak, that offered a much higher level of protection. She liked that they were endorsed by Edward Snowden, who explained that with fully encrypted files even the cloud provider can’t access them. Jessica just wishes she’d known about these services earlier.