[tptacek]

No matter what the FBI says, ransomware is going to continue until vendors ship systems that are secure enough to prevent ransomware by default.

Meanwhile, "don't pay the ransom" is not an honest answer to "what's the best thing for me to do now that I'm infected".

[blisterpeanuts]

"Don't pay the ransom" is just the first sentence. The rest of the paragraph would be: "Restore your data from backups, and have an IT professional come in and remove the malware if it's also on the backup."

Just telling people to pay the ransom is idiotic. It actually leaves the malware in place, and what guarantee is there that they won't be blackmailed again the next day?

[vonklaus]

is it possible for vendors to ship a system like this that would also allow for users to encrypt their entire hard drives? Maybe it would be something like OS X firmware lockdown, but that is less convenient and takes away a lot of the options for the user.

Is this an either/or scenario?

[tedunangst]

Lots of vendors ship encrypted hard drives. Some of them are even almost secure.

Or are you asking can a vendor prevent a compromised user account from installing pgp and encrypting everything? Probably not very well.