Help - RansomWare Attack Notification Received

The extortion email received today (3 Dec. 2018) Spoofed my email address and emailed me through my email account (i.e. my email account sent an email to itself)

The e-mail stated: Quote

I have very bad news for you. 09/08/2018 - on this day I hacked your OS and got full access to your e-mail account.

In the software of the router, through which you went online, was a vulnerability. I just hacked this router and placed my malicious code on it.

When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

The email went onto ask for $750 in Bitcoins, with 48 hours to make the payment. While stating

“If I do not receive from you the specified amount, then your device will be locked.”

End Quote

What I did

I did a HD scan using the protection online server of the software I use and that showed no threats were found during the scan.

I changed the Router name and password. I was unable to change the admin password at this stage.

The I.P. is sending an engineer tomorrow as they couldn’t access the Router remotely.

I cleaned the Mac DNS cashe.

I found that although the sender e-mail address was my own, the Received IP address and dynamic IP in the e-mail source code shows Saratov, Saratovskaya Oblast, Russia.

I am unsure whether this is actually just a spoofed e-mail or an actual attack on the router and my Mac.I am also unsure whether any attempt to make a
Time Machine backup would infect the external HD as well as the backup.

Any ideas for action I can take would be welcome.