Wait, STOP: Are you installing Windows 10 or RANSOMWARE?

People aren't good at waiting for stuff, and with computer users queueing up to download Windows 10, ransomware purveyors have started to move in. CTB-Locker This is going to be expensive ... Cisco's security team has noticed a new spamming campaign attempting to spread the CTB-Locker ransomware using emails purporting to …

  1. Mark McNeill
    Stop

    "Windows 10 is familiar and easy to use".

    Yeah, like that's going to fool anybody.

  2. Shadow Systems

    Windows 10 is Ransomware?

    *Cough*

    1. SteveK

      Re: Windows 10 is Ransomware?

      It's certainly hard to swallow. Still trying to work an Amazon reference in though.

      1. Anonymous Coward

        Re: Windows 10 is Ransomware?

        >It's certainly hard to swallow

        An African one? I fart in ze general direction of Redmond.

    2. Anonymous Coward

      Re: Windows 10 is Ransomware?

      Looks like Windows 10 should be renamed Windows Google edition given the amount of spying it does on you. At least Google give away their products in exchange for loss of privacy rather than charge $199.99 (pro usb edition) for the privilege, hell I can buy a chromebook for $199.

    3. P. Lee

      Re: Windows 10 is Ransomware?

      That's unfair, it's free for the life of the device.

      Office365, however.... yep, that looks like ransom-ware to me.

      1. Chairo
        Devil

        Re: Windows 10 is Ransomware?

        >That's unfair, it's free for the life of the device.

        They promised that for Windows 10, all right. But what about the Microsoft account? At the moment it is not strictly needed... yet.

        My suspicion is that they will keep on herding their users into Microsoft accounts and at some point start charging for them in one way or another. It would only be logical if the account would be necessary to receive updates and if you want control about updating you have to pay for a "plus" account. Some scheme like that is more than likely.

        At that point Windows 10 will indeed change into a kind of Ransomware.

    4. This post has been deleted by its author

  3. Christoph

    It would only be surprising if this had not happened. And Microsoft must have known this when they set up their upgrade system and sent out all those registration messages.

    1. h4rm0ny

      Yeah, people should stop releasing new products until they've found a way to stop thieves putting its name onto their malware. These companies are just lazy.

  4. Anonymous Coward

    What really troubles me is that several decades after the first hard drive crashed, we still have people who don't back up their stuff.

    1. king of foo

      I could say the same thing about condoms... the human race should be long gone!

      People must REALLY value their porn collections... what troubles me is exactly what it is people have to lose... Family photos/videos?

    2. Hans 1

      >What really troubles me is that several decades after the first hard drive crashed, we still have people who don't back up their stuff.

      Well, what use are encrypted backups? It will certainly encrypt your backups if you do not disconnect the drive prior to installing the ransomware, and who does that?

      Windows 10 is ransomware, you will see come 2016 ...

  5. jonnycando
    Facepalm

    An idea

    So if you fall for this. Remove hard drive, put new one in, and restore your backup. You did make backups, didn't you?

    1. Anonymous Coward
      FAIL

      Re: An idea

      And if it's encrypted your backups?

  6. Winkypop Silver badge
    Facepalm

    Sits nervously....

    Awaits call from family, friends who have self appointed me their Help Desk....

    1. Anonymous Coward

      Re: Sits nervously....

      Hey Winki,

      I've a problem.

      Uncle Ned

      1. Winkypop Silver badge

        Re: Sits nervously....

        We don't talk to Ned's side of the family....

        1. Anonymous Coward

          Re: Sits nervously....

          And we don't talk to you unless we want something. Fix my PC now or I'll call your mother / shit on your lawn / shoot your dog.

          Uncle Ned

  7. Arctic fox
    Headmaster

    Are any of us surprised?

    How often, for example, have we seen articles in the mainstream press warning their millions of readers against doing anything other than delete any e-mail allegedly from their bank asking them to use this link to etc.? How often have the banks themselves written to their customers (via snail mail) telling them that any such e-mail is bogus and should be deleted immediately? A certain percentage of the great techno-ignorant unwashed cannot be told. I have already had to warn a couple of chums who regard me as their gratis sysadmin that they should under no circumstances download from unofficial sources. Their response was to whinge about having to wait more than a couple of days despite it being carefully explained to them that we are talking about countless millions of machines that simply cannot be upgraded overnight. I am sorry to say that you just cannot get through to some people regardless of how hard you try.

    1. BobRocket

      Re: Are any of us surprised?

      It doesn't help that suddenly our bank is employing digital czars (pr people) that exhort elderly and inexperienced users to search for promo codes and click on the links, I mean how f'in stupid is that?

      1. ecofeco Silver badge

        Re: Are any of us surprised?

        Exactly. BobRocket. My bank spams the fuck out of me. They and their customers are literally sitting ducks. Needless to say, I've been looking for another, but it seems they have all lost their minds.

    2. Ken Moorhouse Silver badge

      Re: Are any of us surprised?

      Big companies don't think things through. BT for example use a domain called custhelp.com for certain support. Look at the whois for it and you will see it is not a BT domain.

      (1) How is the man in the street supposed to understand that it is ok in certain circumstances to break the rules about clicking on unfamiliar links?

      (2) If a "rogue" organisation successfully dupes custhelp (apparently part of oracle) into accepting their media, and serves up dodgy links to people, their penetration will be far-reaching because advisors will say "oh yes, custhelp.com is legit, click on the link." The rules will change because of this: you not only have to look at the domain you are clicking into, but the sub-domain as well.

      1. Vincent Ballard

        Re: Are any of us surprised?

        Or Nominet, who back in May sent an e-mail to everyone with a domain under the .uk CCTLD (including those with .co.uk etc. domains) saying

        "You now have access to an online account with Nominet that you can use to manage some other services associated with your .uk domain names (for example to transfer your domain name or check your registration details).

        "Please follow the link below to access your online account and confirm that your contact details are correct"

        According to their customer support this was a genuine e-mail rather than a phish, but it fails every sniff test.

    3. This post has been deleted by its author

    4. Stoneshop
      Boffin

      Re: Are any of us surprised?

      >I am sorry to say that you just cannot get through to some people regardless of how hard you try.

      Tried a sledgehammer, a pickaxe or the aptly-named Stanley Fubar (XL, preferably)? The diamond-blade water-cooled saw I have eats 10cm concrete for lunch, so a luser's cranium should be no problem at all.

      (safety glasses icon, for obvious reasons)

      1. PNGuinn
        Joke

        Re: Are any of us surprised?

        What's wrong with an old fashioned LART? Or a cattle prod?

        Keep your fubared pickaxe off my cranium, Stanley!

        What next? - Internet connected sledgehammer?

        1. Stoneshop
          Mushroom

          Re: Are any of us surprised?

          >What next? - Internet connected sledgehammer?

          The RLART suite, culminating in the OADS (Orbital Anvil Delivery System - Fiat Iustitia Caelo Ruato)

    5. Chairo
      Coat

      Re: Are any of us surprised?

      Dear customer, we send you this mail in order to inform you, that we will never request your PIN, address and other personal data per e-mail.

      For legal reasons please confirm reception of this notification by clicking on below link and following the notification process.

      <link to payload on spoofed page>

      yours sincerely

      your bank

  8. JakeMS
    Joke

    Difference?

    So..... Explain to me again what the difference between the two is?

    Oh.. you want to play a windows game without ads? Well that's gunna cost ya extra fool!

  9. Anonymous Coward

    Confused me

    From the title I thought this was going to be an article examining the potential impact to users of relying on an OS which may at some time require further payment for it to be used (Microsoft's words on Windows As A Service etc. haven't been clear enough to make that not something to be concerned about).

    Add in the use of Bitlocker with keys held on Microsoft Accounts and you could have the makings of "Windows 10 = Ransomware".

    Tin-foil hattery and FUD, I know. But it's the weekend.

    1. Slef

      Re: Confused me

      My thoughts as well on seeing title, but better expressed than I could at this time on a weekend!

  10. Anonymous Coward

    The clock is ticking

    Next year is when nickel-and-diming will really kick in. 9.99 to play solitaire? How much to use the calculator? The real cost will be revealed. Sky used the same tack when they got F1. Free in the first year and now an arm and a leg. No matter how many times you fool people they still fall for the same old stunts.

    1. cosymart
      Headmaster

      Re: The clock is ticking

      You spelt c***ts incorrectly :-)

      1. JonP
        Headmaster

        @cosymart

        So did you! ;-)

        1. Aqua Marina

          Re: @cosymart

          He used the LIN spelling variant.

  11. ecofeco Silver badge

    If you run the numbers, it's no surprise

    First let me just say that ransomware and its creators must die.

    That said, it's no mystery why they do it. A chance to make 100s of thousands up to a few million in a month is one hell of a motivator.

  12. channel extended
    Joke

    This is actually.....

    Microsoft is actually testing their new Windows 11 upgrade path. After you install the free crap and get tired of being surveilled, then you upgrade to the cryptolocker version!

  13. Anonymous Coward
    Big Brother

    hey, the staff at GCHQ/NSA enjoy a giggle putting out this stuff.

  14. Jeff Lewis

    Interestingly, the 'typos' look like the errors caused by someone creating their texts on a Macintosh. You see them a lot on websites or emails. The Mac has two modes for text, unicode or Apple's older representation for accented text which includes proper quotes and single quotes.

  15. Anonymous Coward

    Re. ransomware

    Why isn't this sort of fraud viewed as seriously as terrorism already?

    1. h4rm0ny

      Re: Re. ransomware

      Because one is usually an attempt to kill someone and the other may lose you some possessions?

  16. Andrew 6

    "Williams told the Reg that it also demonstrates its efficacy by showing a complete list of encrypted files and offering to decrypt five of them for free."

    Could this be used to determine the decryption key?

    1. DavCrav

      ""Williams told the Reg that it also demonstrates its efficacy by showing a complete list of encrypted files and offering to decrypt five of them for free."

      Could this be used to determine the decryption key?"

      Short answer: no. If it could, then anyone with both the plaintext and the cyphertext could be able to work out the key. But since this is public key encryption essentially, anyone can generate cyphertext using their own plaintexts. So no real help I'm afraid.

  17. JoeKrozac
    Mushroom

    A serious question here ...

    Regardless of one's views about Microsoft, the topic of ransomware is one that has always enraged me, not due to the antics of the extortionists who send out this crap, or the mindless victims who will click on anything without thinking, but for the failure of governments to take effective action. What would be effective?

    First, use every technological resource (NSA, GCHQ, etc) to track down the culprits (difficult? yes, impossible? no) and then literally execute them after establishing their guilt in a courtroom.

    Second? Make it known that ANY individual anywhere on the planet that engages in such data extortion via encryption/ransomware is going to be KILLED. That's right, kill the no-good sons o' b*tches, kill them with extreme prejudice, kill them with a smile on our faces.

    Why should they be permitted to continue wasting oxygen? What do they contribute to society?

    Kill them.

    1. Fatman
      Devil

      Re: A serious question here ...

      <quote>That's right, kill the no-good sons o' b*tches, kill them with extreme prejudice, kill them with a smile on our faces.</quote>

      For sport, they could be fastened in an electric chair, streamed live over the internet; and a url published to 'finish them off'. Enter the right hexadecimal code, and the relay closes, and they get fried. They will "sweat bullets" waiting for the end to come, which will make the current flow through them even better.

      Now, ElReg, where is that evil bastard icon???

      Then again, you could always use one of these:

      http://www.theregister.co.uk/2015/08/01/fda_hospitals_hospira_pump_hacks/

  18. svien_m

    Frustrations against ransomware are justified

    Lots of comments on this thread trying to link ransomware to terrorism / asking for the death of said individuals. While I do agree with your anger (former Cryptowall victim here speaking) I think that they are more of an organized crime, rather than terrorists. In order to qualify for the terrorist title, wouldn't they need an ideology to back them up first? Not that it should diminish their punishment in any way, but I think we should call them what they are: criminals.

    As for the downloading of Windows 10, I have not encountered any of these cases yet, but I cannot say that similar cases haven't happened to me. The emails look so real and legitimate that even people who are supposedly tech educated can fall for it. We've implemented a software (Rollback Rx) to combat these kinds of situations, where even if the user were to fail our security systems, we can still preserve our computer's and network's integrity. Rolling back has really cut back on our maintenance and security costs, without having to compromise quality.

    1. Ken Moorhouse Silver badge

      Re: Rollback Rx

      Impressive spec. My worry with a product like that is to do with the underlying hardware. It looks as if a layer is being created between the file system and the hardware platters which manages things. Presumably it will cope with hot-swappable RAID disks, but what if a normal pc's hard drive develops bad sectors, etc. would I be able to stick the drive in another pc, for example, to recover the data?
