Ransomware is more or less out of control. There are many online articles about the topic.
My strategy for avoiding ransomware is straightforward. I am a dinosaur in some ways with how I use computers and the web and thus, am far less likely to ever encounter such software.
- I do not use Windows.
- I install packages only from upstream repos.
- I compile my own third-party packages but only trusted free/libre packages.
- I have a three-tier backup strategy with two tiers being off network.
- Firewalls (iptables) on all systems rather than only edge devices.
- For about 15 years I have been using domain blocking with
- The domain name block lists are updated weekly.
- SSH access is key pairs only.
- For remote access SSH private keys are pass phrase protected.
- VPN certificates are pass phrase protected.
- My Thunderbird email client is configured to disable HTML links.
- Thunderbird is configured to display content in plain text.
- With almost all emails usually I inspect attachment source code separately.
- My Firefox web browser is configured to protect my privacy as much as practical.
- Firefox is configured with a short allow list to avoid the bane of the web.
Thus far many people might not consider the strategy to be noteworthy. Pretty much standard recommendations. Yet consider me a “gumpy old man.” The big difference for me is I am not enamored with any so-called “user experience.” Any time a software vendor or web site developer starts blabbering about “user experience” my baloney detector rings at high volume.
- I don’t care about and ignore dancing pigs.
- I do not give a hoot about social media and avoid related drive-by efforts.
- I have been using computers for almost 40 years and with modesty I’ll say I have half a clue why and how social engineering succeeds.
While avoiding ransomware is a challenge these days, I spend no time worrying about the problem.