New ransomware campaign is targeting Google Chrome users with fake font update alerts

A new ransomware campaign is targeting Google Chrome users.  If Chrome users visit a compromised site, an alert will pop up prompting the user to “update” a Chrome font extension.  The false update claims it need to execute because Hoefler Text is not found.  Although this text font is legitimate, the update is not.

According to Forbes, researchers have found after users execute the fake update, they become infected with the ransomware variant, Spora.  Although this ransomware variant is similar to other variants, it does have a few features that set it apart.  First, it is able to function while your PC is offline.  Spora also leaves certain critical data files untouched, solely to keep the PC somewhat functional in order to receive payment for the encrypted files.

Decryption options are also a bit different than traditional ransomware variants.  Most variants make a lump sum ransom demand to get your files back.  Forbes reports Spora has alternative payment options.  Victims can pay $30 per file for decryption or $79 for complete decryption.  In order for the infection to be removed from the PC, victims also need to pay and additional $20.  And, for the low price of $50 you can prevent any future Spora infections.