Google Chrome Users Are Being Baited

Spora Ransomware Targets Chrome Users

A new ransomware campaign is targeting Google Chrome users.  If Chrome users visit a compromised site, an alert will pop up prompting the user to “update” a Chrome font extension.  The false update claims it need to execute because Hoefler Text is not found.  Although this text font is legitimate, the update is not.

Image provided by Forbes, via Proofpoint

According to Forbes, researchers have found after users execute the fake update, they become infected with the ransomware variant, Spora.  Although this ransomware variant is similar to other variants, it does have a few features that set it apart.  First, it is able to function while your PC is offline.  Spora also leaves certain critical data files untouched, solely to keep the PC somewhat functional in order to receive payment for the encrypted files.

Decryption options are also a bit different than traditional ransomware variants.  Most variants make a lump sum ransom demand to get your files back.  Forbes reports Spora has alternative payment options.  Victims can pay $30 per file for decryption or $79 for complete decryption.  In order for the infection to be removed from the PC, victims also need to pay and additional $20.  And, for the low price of $50 you can prevent any future Spora infections.

(Visited 23,305 times, 1 visits today)

15 thoughts on “Google Chrome Users Are Being Baited

  1. First off, PC Matic is the best. Anytime…over the many years of using computers and antiviruses not working as they were supposed to, when I contracted a virus I would re-format the hard drive or reload the OS. This would wipe the hard drive clean and would re-install as if it were day one. Whatever was on the hard drive at the time would be lost, all wiped clean. My steps were to put the OS disc in, turn the computer off, wait a minute or two (so the disc would stop) then restart the computer. A message would pop up asking if you want to install the disc to the hard drive?? Yes…and then the process would begin. This would take about an hour or so…but I had my computer back. Yes, you would have to go back and visit all you can remember (icons and such) that you wanted back and download. This method used to work … has worked. It’s been a long time however since I had to do this. Hopefully I never will again.

    • This important piece of information is missing: “Chrome will never ask you to click and update. Ever.” (“Google Chrome asking you to update? It’s a trap!,” mypcclinic.net).

  2. Every time I get Chrome trying to download I don’t and refuse it, I did not realize Windows 10 was running Mirosoft edge as a browser. I had to reaplace the hard drive on my Dell after 13 months and I wonder if anyone has had a problem like this.
    Several times my shortcuts and going to web sites do nothing but spin. I went back to Firefox and it was OK for a while and then yesterday it started again. The only solution I can find is too turn if off and on again and ti will finally work.
    It boots up within 45 seconds so hopefully its not the new SSD drive.

  3. Make sure you have a current back up on an external Disk Drive. Also have an emergency disk, to restart your P C. If infected, I have, unplugged my P C, Left it off for a couple of minutes, then reboot and see if I am still infected. If you are not, remove your past browsing history. So far this has worked for me. Am using GOOGLE as my browser and am very consistent in cleaning my browsing history.

    • Doesn’t help in the case of Spora as it also finds and encrypts any back up files that are connected to the pc at the time of the infection. If you keep a back up file on a separate, disconnected drive then MAYBE that will work as long as you remove all traces of the virus from every drive that was connected at the time of the infection. I say maybe because that’s not what I did, so I’m still hoping for someone to come up with a decryption solution. Right now I’ve lost all access to my pics and word documents. But I refuse to pay these people anything.

      • @Kevin Stacy:
        Until recently upgrading to W7 from XP I had the peace of mind of 3 identical laptops for the past 10 years. Each laptop had a cloned back up drive. XP was the last OS that permitted exchanging drives (no longer an option) between (same model) laptops. Each laptop came with recovery discs which were rarely used. This arrangement provided ultimate peace of mind, along with two back data drives that were connected once every month. I now have three HP laptops running W7 and several data back up drives. Although I cannot exchange drives any longer it is a simple matter to back up weekly to a flash drive, with monthly back-ups going to external drives.

  4. This is why one should give less savy family and friends a separate pc for browsing the web versus everything else. So when they do idiot things nothing’s lost. Simplest way I’ve found. Even the most sophisticated fixes I’ve tried these people figured out how to cause them too fail.

    • @Jim: I went to the “final solution”: ditch Windows, go ChromeBook. Already bought five of them. The more recent one stays with me, the others went to my wife, children and nephew. Nobody more get caught by bad people. No need for anti-viruses, anti-malware, updates (OK, still a few seconds per month). The machine is Chrome browser-based, no Flash (this is good), free Google Docs, Internet Office 365 for those still addicted to Microsoft and we can live without games that don’t play through Internet alone. And the price is right. What about the old machines? copy the useful disc contents to external USB drives, make all these files read-only, then boot a Linux CD (Ubuntu is fine, there are others), pitilessly re-format the HD and install. Laptops and desktops run faster than ever. My house is at last Microsoft-free! If any crap was loaded to the external drives, it is now innocuous.

    • @Jim:
      Computer shop technician utilized this method and he wasn’t a novice, using one device for the www while his main computer was never connected. Isn’t It possible to contract something simply by frequenting a neglected site?

  5. Firefox has a popup similar to this one, but is not an infection that I can see, but it is bad enough. As yahoo is my home page, I would open FF and a message would pop up telling me to download a new update for FF, I fell for this twice!!! the third time, I looked a bit closer to the file and found it was a .js and not an .exe file. I think putting this in my download folder was a test to those who made it to see what i would do with it. well i turned it into a .txt file and kept the contents. since it is no longer a .js script it cannot be executed. I had to remove FF again for the third time in a year and installed Seamonkey. I Also reported the popup to FF and to yahoo. I got no reply back.. just be aware of your browsing.

  6. I have had PC Matic for a few years, now, is this all being updated, or is there some where for me to check? Also changed computers covered as I replaced computers and killed and ate my x wife.

    • PC Matic does all updates for Chrome. If you have a pop up that says you’re in need of an update, run a scan and it’ll complete any legitimate updates needed for the browser.

Leave a Reply

Your email address will not be published. Required fields are marked *