How to defend yourself against cryptolockers:

1. Make backups of your important data every fucking day. Whether your files get encrypted or your hard disk blows up, you will lose a few hours of work, at worst.

2. Tell your company to implement PGP on their email, especially if they are using public mail services, so that every employee will have their own digital signature and will be able to exchange keys with other employees, even physically (if required), to avoid phishing and tampering on their mail.

3. STOP DOWNLOADING CRAP ON YOUR COMPUTER. Also do not follow links from any emails not signed and verified, and always keep media attachments disabled on your client.

4. Tell your stupid coworkers to follow these rules. If they don't, put a gun on their head and try again while counting to 3. If they still refuse, pull the trigger.

@enigmatico re: PGP -- implementing it in organizations well is *difficult*. Things that can help *a lot*:

1. set up a Web Key Directory:
metacode.biz/openpgp/web-key-d

OpenPGP-enabled mail clients will (mostly) use it to pull keys automagically. Simplifies things greatly.

2. Consider setting up @sequoiapgp's OpenPGP CA:
openpgp-ca.org/

In a large enough organization (say, above 20 people) it makes verifying PGP keys of everyone not-impossible.

@Dashtop or, instead of putting your fingers in your ears and shouting "stop using PGP", recognize that cryptographic protection of e-mail is important and needed - and fix it, like @sequoiapgp is doing:
sequoia-pgp.org/blog/2021/06/2

@rysiek It doesn't have to be Signal. People can also use matrix protocol. Rise of Slack, Teams and Discord shows people can work inter-organization with these systems. Militaries, health and academic institutions in Germany, France and UK are already using matrix, which is the only real competitor to the proprietary systems.
I think matrix is far far more secure than PGP ever was today.

The only thing matrix protocol doesn't address is long form of inter-entity messages. And I am tempted to say, it is a client problem.
