"So what’s the latest advice? Security experts have a few recommendations.
1. Attend to your systems’ security
The first line of defense is to not get infected by ransomware. Users should avoid clicking on links or opening attachments in suspicious email messages and beware of dodgy Web sites, but also harden their systems. Update your software regularly, especially the ubiquitous code often targeted by attackers, such as Adobe’s Flash, Oracle’s Java and Microsoft’s Office formats.
In addition, users should maximize their chances of detecting malware, which is changed frequently to try to avoid security software. “There is a lot of money on the line, so these guys are working hard to keep their malware dynamic,” Sophos’s Wisniewski says.
Users should make sure to turn on the advanced settings in their security software, he says.
2. Back up your data
Historically, security firms have recommended that that businesses and consumers restore their files from backup, but not all businesses—not to mention consumers—back up their files regularly, leaving payment as the only option. In addition, it is often cheaper for a company to restore files using the encryption key rather than from backups.
“We always tell people to have backups and we tell people to never pay, but that is not always realistic,” says Chester Wisniewski, senior security advisor with security firm Sophos.
The FBI recently gave a nod to this reality. Joseph Bonavolonta, assistant special agent in charge of the Cyber and Counterintelligence Program in the FBI’s Boston office, told a recent conference, “To be honest, we often advise people just to pay the ransom.”
3. Encrypt data even on your own hard drive
Even security experts have had their files and email stolen by hackers and posted to the Internet. Increasingly, businesses are encrypting their most sensitive data and any sensitive email discussions. While encryption will not necessarily protect the content of messages, if the computer itself is compromised
This step is not foolproof, but it does add another hurdle for the data thieves."