Two men who masterminded various Coinvault ransomware infections will carry out 240 hours of community service as punishment for compromising thousands of computers and profiting around $12,000 from their users.
The sentence was handed down by a court in Rotterdam, in the Netherlands, where it was ruled brothers Melvin and Dennis van den B. had earned leniency based on their cooperation with police, lack of a criminal record, and young ages at the time they were collared in 2015. Melvin was 22 and Dennis 18 at the time of their arrest.
Prosecutors had asked that they receive a year in prison in addition to the 240 hours of community service.
Coinvault surfaced in 2014 as a high-profile file-scrambling malware. The software encrypted victims' documents, and demanded they pay a ransom of one Bitcoin (worth a few hundred Euros at the time) to restore access to their data.
While the pair was only charged with infecting 1,259 machines, researchers have estimated that the actual number of PCs hit with the malware was more like 14,000, with victims in more than 20 countries.
It was claimed in court that about 100 people coughed up the ransom demands before antivirus makers were able to develop a decryption tool to unscramble hostage files. The malware would only be eradicated fully in 2015 when the brothers were arrested and the full decryption keys were recovered.
Interestingly, it was the pair's Dutch nationality that brought them down. Researchers were able to pinpoint the locality of the authors to the Netherlands after finding snippets of the code containing "flawless Dutch phrases" that are usually only used by native speakers of the notoriously difficult language.
Kaspersky Lab, who helped lead the investigation and eventual takedown of Coinvault, said that, despite the lenient sentence, the ultimate takeaway from the three-year ordeal should be that, in the end, extortionists do get caught.
Sent to us by: Roy W. Nash
The German state of Lower Saxony plans to follow Munich's example, and migrate 13,000 users from Linux back to Windows.
Apparently undaunted by the cost of the Munich switch (which we reported in January could be as much as €100m), Lower Saxony is considering making the change in its tax office. The state seems to expect a much cheaper transition, with a first-year budget is €5.9m, and another €7m further out.
The tax office argues its decision is driven by compatibility: field workers and teleworkers overwhelmingly use Windows, while the OpenSUSE variants are installed on its office workstations. The office workstations are also ageing and due for replacement, something that helped open the door for Windows.
The move is in its early stages, however, with the Lower Saxony government currently defining the “framework conditions” of the migration; this will be followed by a pre-selection of possible solutions.
We can only hope that Lower Saxony has a better time of it than Munich. After 15 years of using Linux, Munich voted in February 2017 to start the long march back to Microsoft.
Some Microsoft software proved hard to kill even after so long. For example, Munich stayed with Microsoft Exchange for mail servers.
Sent to us by: Roy W. Nash
Google has followed the lead of Apple by banning crypto-mining apps from its Play Store.
An update to the company's developer policy reads: "We don't allow apps that mine crypto-currency on devices." The company had previously banned crypto-currency mining extensions on its Chrome browser.
This move marks another step by banks and tech companies trying to get to grips with the practicalities of crypto-currencies.
The ban does not extend to all software involved with mining virtual cash. Google, like Apple, said it would allow people to make apps that let them manage mining being done elsewhere—such as on cloud computer platforms.
When mining is done "on device" there is a risk that the smartphone will overheat as a result of intense processing. The mining can also quickly deplete batteries.
Some malware gangs have also moved to adopt crypto-currency mining. Many poorly-protected websites have had mining code inserted on them to use visitors' computers to generate the cash.
The crypto-currency mining restrictions are one of several changes Google has made to its developer policies.
Sent to us by: Roy W. Nash
Microsoft is finally doing something about the way Windows 10 handles updates. And it’s using machine learning to accomplish the task. If it’s successful, updating Windows 10 should, in the future, become much less annoying.
Windows 10 can be a little aggressive when installing updates. Unless you know how to manage Windows 10 updates, they’ll come thick and fast, and start installing when you least expect it . . . possibly rebooting your PC at an inopportune moment.
Microsoft has a plan up its sleeve to prevent this from happening. And it’s being tested right now by Windows 10 Insiders. The key is artificial intelligence which Microsoft hopes will be able to accurately predict when the time is right to install updates.
If all goes well in testing, the new system should reach ordinary Windows 10 users later in early 2019.
Windows Insider chief Dona Sarkar asked in a blog post, “Have you ever had to stop what you were doing, or wait for your computer to boot up because the device updated at the wrong time?” To which everyone replied, “Yes.”
Microsoft has listened to this feedback, so, “if you have an update pending we’ve updated our reboot logic to use a new system that is more adaptive and proactive. We trained a predictive model that can accurately predict when the right time to restart the device is.”
This means that Microsoft will “not only check if you are currently using your device before we restart, but we will also try to predict if you had just left the device to grab a cup of coffee and return shortly after.” Or at least that’s the plan.
Is Microsoft's approach going to work for users? We'll have to wait until we see it working in the wild to know.
Sent to us by: Robbie Ferguson