Trying to hide in/on an obscure platform ultimately makes one more vulnerable because in the new platform agnostic attack age everybody gets a turn, and the ones that think they're 'safe' tend to get hit the worst.
Are you calling Chrome OS an "obscure platform"?
Not to put too fine a point on it, but...yes I am.
Security by Obscurity = nobody is writing exploits for this platform so it must be secure, because nobody is writing exploits for it... (see where that loops?)
As variety becomes more the norm, the platform isn't always guaranteed, so web based attacks can/will start using more - platform agnostic - web based code.
It might not be the most widely used platform, but it's now used in over 50% of US schools, and part of that is (besides it being idiot-proof) the security. You can't run a .exe file on it. Enough said. How confident is Google about this security?
All the more reason why its user base should start expecting some - unpleasant - attention..
See exhibit 1:
Google Will Pay You $100,000 to Hack a Chromebook
Completely, utterly, and mind-blowingly academic. Nobody cares if you can or can't hack the Operating System, it's not the target ... The user is.
Ransomware targets the user to get them to compromise their own files. Click here...boom! Your stuff is gone (/encrypted). Now what?
Chrome OS probably is just fine for less adept users...but assuming that it will magically defend against ransomware just because it isn't Windows is a very very risky strategy. Because - regardless of how well you lock down any OS - the user will always have full and complete access to their own stuff, and that's what ransomware is counting on.
It doesn't have to be encrypted well, it just has to be encrypted some how.