"Windows 10 is familiar and easy to use".
Yeah, like that's going to fool anybody.
People aren't good at waiting for stuff, and with computer users queueing up to download Windows 10, ransomware purveyors have started to move in. CTB-Locker This is going to be expensive ... Cisco's security team has noticed a new spamming campaign attempting to spread the CTB-Locker ransomware using emails purporting to …
Looks like Windows 10 should be renamed Windows Google edition given the amount of spying it does on you. At least Google give away their products in exchange for loss of privacy rather than charge $199.99 (pro usb edition) for the privilege, hell I can buy a chromebook for $199.
That's unfair its free for the life of the device.
They promised that for Windows 10, all right. But what about the Microsoft account? At the moment it is not strictly needed... yet.
My suspicion is that they will keep on herding their users into Microsoft accounts and at some point start charging for them in one way or another. It would only be logical if the account would be necessary to receive updates and if you want control about updating you have to pay for a "plus" account. Some scheme like that is more than likely.
At that point Windows 10 will indeed change into a kind of Ransomeware.
This post has been deleted by its author
>What really troubles me is that several decades after the first hard drive crashed, we still have people who don't back up their stuff.
Well, what use are encrypted backups? It will certainly encrypt your backups if you do not disconnect the drive prior to installing the ransomware, and who does that ?
Windwows 10 is ransomware, you will see come 2016 ...
How often, for example, have we seen articles in the mainstream press warning their millions of readers against doing anything other than delete any e-mail allegedly from their bank asking them to use this link to etc.? How often have the banks themselves written to their customers (via snail mail) telling them that any such e-mail is bogus and should be deleted immediately? A certain percentage of the great techno-ignorant unwashed cannot be told. I have already had to warn a couple of chums who regard me as their gratis sysadmin that they should under no circumstances download from unofficial sources. Their response was to winge about having to wait more than a couple of days despite it being carefully explained to them that we are talking about countless millions of machines that simply cannot be upgraded overnight. I am sorry to say that you just cannot get through to some people regardless of how hard you try.
Big companies don't think things through. BT for example use a domain called custhelp.com for certain support. Look at the whois for it you will see it is not a BT domain.
(1) How is the man in the street supposed to understand that it is ok in certain circumstances to break the rules about clicking on unfamiliar links?
(2) If a "rogue" organisation successfully dupes custhelp (apparently part of oracle) into accepting their media, and serves up dodgy links to people, their penetration will be far-reaching because advisors will say "oh yes, custhelp.com is legit, click on the link." The rules will change because of this: you not only have to look at the domain you are clicking into, but the sub-domain as well.
Or Nominet, who back in May sent an e-mail to everyone with a domain under the .uk CCTLD (including those with .co.uk etc. domains) saying
"You now have access to an online account with Nominet that you can use to manage some other services associated with your .uk domain names (for example to transfer your domain name or check your registration details).
"Please follow the link below to access your online account and confirm that your contact details are correct"
According to their customer support this was a genuine e-mail rather than a phish, but it fails every sniff test.
This post has been deleted by its author
I am sorry to say that you just cannot get through to some people regardless of how hard you try.
Tried a sledgehammer, a pickaxe or the aptly-named Stanley Fubar (XL, preferrably)? The diamond-blade water-cooled saw I have eats 10cm concrete for lunch, so a luser's cranium should be no problem at all.
(safety glasses icon, for obvious reasons)
Dear customer, we send you this mail in order to inform you, that we will never request your PIN, address and other personal data per e-mail.
For legal reasons please confirm reception of this notification by clicking on below link and following the notification process.
<link to payload on spoofed page>
yours sincerely
your bank
From the title I thought this was going to be an article examining the potential impact to users of relying on an OS which may at some time require further payment for it to be used (Microsoft's words on Windows As A Service etc. haven't been clear enough to make that not something to be concerned about).
Add in the use of Bitlocker with keys held on Microsoft Accounts and you could have the makings of "Windows 10 = Ransomware".
Tin-foil hattery and FUD, I know. But it's the weekend.
Next year is when nickel and dimeing will really kick in. 9.99 to play solitaire? how much to use the calculator? The real cost will be revealed. Sky used the same tack when they got F1. Free in the first year and now an arm and a leg. No matter how many times you fool people they still fall the same old stunts.
""Williams told the Reg that it also demonstrates its efficacy by showing a complete list of encrypted files and offering to decrypt five of them for free."
Could this be used to determine the decryption key?"
Sort answer: no. If it could, then anyone with both the plaintext and the cyphertext could be able to work out the key. But since this is public key encryption essentially, anyone can generate cyphertext using their own plaintexts. So no real help I'm afraid.
Regardless of one's views about Microsoft, the topic of ransomware is one that has always enraged me, not due to the antics of the extortionists who send out this crap, or the mindless victims who will click on anything without thinking, but for the failure of governments to take effective action. What would be effective?
First, use every technological resource (NSA, GCHQ, etc) to track down the culprits (difficult? yes, impossible? no) and then literally execute them after establishing their guilt in a courtroom.
Second? Make it known that ANY individual anywhere on the planet that engages in such data extortion via encryption/ransomware is going to be KILLED. That's right, kill the no-good sons o' b*tches, kill them with extreme prejudice, kill them with a smile on our faces.
Why should they be permitted to continue wasting oxygen? What do they contribute to society?
Kill them.
<quote>That's right, kill the no-good sons o' b*tches, kill them with extreme prejudice, kill them with a smile on our faces.</quote>
For sport, they could be fastened in an electric chair, streamed live over the internet; and a url published to 'finish them off'. Enter the right hexadecimal code, and the relay closes, and they get fried. They will "sweat bullets" waiting for the end to come, which will make the current flow through them even better.
Now, ElReg, where is that evil bastard icon???
Then again, you could always use one of these:
http://www.theregister.co.uk/2015/08/01/fda_hospitals_hospira_pump_hacks/
Lots of comments on this thread trying to link ransomware to terrorism / asking for the death of said individuals. While I do agree with your anger (former Cryptowall victim here speaking) I think that they are more of an organized crime, rather than terrorists. In order to qualify for the terrorist title, wouldn't they need an ideology to back them up first? Not that it should diminish their punishment in any way, but I think we should call them what they are: criminals.
As for the downloading of Windows 10, I have not encountered any of these cases yet, but I cannot say that similar cases haven't happened to me. The emails look so real and legitimate, that even people who are supposedly tech educated can fall for it. We've implemented a software (Rollback Rx) to combat these kinds of situations, in where even if the user were to fail our security systems, we can still preserve our computer's and network's integrity. Rolling back has really cut back on our maintenance and security costs, without having to compromise quality.
Impressive spec. My worry with a product like that is to do with the underlying hardware. It looks as if a layer is being created between the file system and the hardware platters which manages things. Presumably it will cope with hot-swappable RAID disks, but what if a normal pc's hard drive develops bad sectors, etc. would I be able to stick the drive in another pc, for example, to recover the data?