  1. #1

    Ransomware, asking for 100 or threat of sending the police

    This is strange.

    Several months back, my grandad wanted to replace his aging Windows XP / Sony Vaio laptop, and I made the recommendation to try a Chromebook. He only really checks a few websites and uses email, etc., and I pointed out the fact that it should not be able to be infected with malware similar to the constant threat on Windows. He enjoyed using it up until today...

    He allegedly had something take over his Chromebook this morning, saying he'd downloaded an illegal file, and the screen asked for him to pay 100, or his downloading will be reported to the police and he'd face arrest. I heard he actually went to the police this morning, asking if this was a genuine thing, and they told him it's a scam, so he's now gone to PC World to try and get it fixed.

    I'm usually the person to go to in my family for computer issues, but happened to be asleep for most of the morning hours and I think my grandad had a bit of a panic.

    I want to ask, how could this thing have ended up on his Chromebook? I have not seen what the actual ransom message looks like, whether it's a fullscreen takeover, or a redirected website, etc. But PC World are going to be trying to charge him 200 for virus removal... that seems more of a scam than this supposed ransomware itself!

    Can anyone enlighten me about cases where ransomware has been able to get onto a Chromebook? I've tried to do a few searches via DuckDuckGo and Google, but I'm not coming up with anything relevant.

    I'm going to assume there was a dodgy extension/app on the Chrome app store which persistently redirected (and changed) the URL he was visiting... Is this unheard of? Because I remember reading that many hackathons have still failed to actually hack ChromeOS in terms of taking over the system files with rootkit behaviour...

    Many thanks.

  2. #2
    Junior Member
    Join Date
    Jul 2014

    Original Poster
    Turns out it was more than what I expected. Apparently the guy at the PC store had to reformat and reinstall the OS to get rid of it, as you couldn't do anything after logging in and this program was disabling keys and taking over the entire screen. He said it was the first time he'd seen something like this on a Chromebook.

    I was told the screen mimicked a police logo and used the threat of "we've detected child pornography on your system" -- then going on to ask for 100 to a bitcoin address to remove it from the system, otherwise you'd face the threat of being jailed for downloading it. Very intimidating for someone not in the know about these kinds of malware.

    How could this have gotten onto the Chromebook? Payload through an app? Browser exploit? I'm wondering how common this is, as I was told it appeared to be almost rootkit-like.

  3. #3
    Yes, the alleged robustness of the Chromebook vs malware seems to be dubious.
    One of ours acquired something nasty in the first ten days.
    Suspect it was as simple as a bad game app from the Google Store. I just offloaded the most obvious suspects, backed up my data, and did a "Powerwash" (Settings -> Show Advanced Settings -> Powerwash, at the bottom of the page).
    Rebooted, logged on, restored the data, no trouble since.
    Powerwash is a great advance over the trouble that is needed to clean (say) Windows after a bad infection, but we were seriously unimpressed by the defences of Chrome OS.
    No better than MS, in effect.
    Sorry, don't recall which games I removed - nothing elaborate, and all free ones from the store.

  4. #4
    Maybe he accidentally clicked an unusual link that caused that to pop up?

  5. #5
    if it wasn't some app from the Store,
    & those apps aren't always that flash, anyway.
    but, it would have been most likely from some Browser exploit.
    - again, that should have been erasable via a browser reset.

    even though this may have happened some years back,
    - it's still a valid concern, even today.

  6. #6
    If the Chromebook was one of the ones that can run Android apps, then maybe it was Android ransomware. Although it's still limited, Android apps on Chromebooks generally have a good bit of control over the system. It could also be a malicious extension if it was able to disable key presses. It's generally not possible to get a serious infection on Chromebooks because at the absolute worst, you could force the software on the Chromebook to corrupt (esc+refresh[4th button on function key row]+power button while powered off) so it requires a recovery drive. In that case, you are replacing the OS itself, and because of how ChromeOS prevents things from getting really far into the system, this should have a 100% certainty of working. Another possibility could be if he was using Crouton or something like that to run Linux or another operating system, in which case the aforementioned recovery process would also help.
    Note: with the recovery process, you will need another computer to make the recovery drive, the flash drive itself, and you'll lose anything that was only on the machine physically, although if you're using a Chromebook like it was intended, you'd have at least a backup of everything in Google Drive.
