Chameleon Ransomware on Google Chrome
A friend called me for help yesterday. His wife's laptop (Windows 8) was misbehaving while trying to access the web using Google Chrome. Launching it brought with it a tab with words to the effect that internet access had been frozen and that all computer files were encrypted.
I opened File Explorer (which opened without difficulty) and tried a few .docx and .xlsx files. They opened without issue. However, Google Chrome would not access any web site, only the ransomware tab, nor would Google Chrome close normally. I used Task Manager to close it, then opened Internet Explorer, and was able to navigate the web freely.
I opened Google Chrome again, the ransomware tab opened again, and I looked for a BHO that might be causing the trouble, but could not find a suspect. Using Task Manager again, I closed Google Chrome, then used Revo Uninstaller to get rid of it. After a reboot, there were no further issues. I ran a couple of AV/AM scans that were clean.
This was evidently picked up from the web somewhere, but I didn't try to go into it that far. It evidently used an exploit in Google Chrome, because it had no other adverse effects on the laptop, and no effect on Internet Explorer. It just disabled browsing with Google Chrome.