Threat Database Trojans 'caforssztxqzf2nm.onion' Locker

'caforssztxqzf2nm.onion' Locker

By GoldSparrow in Trojans

The 'caforssztxqzf2nm.onion' Locker software is produced by threat actors who aim to compromise remote systems and direct users towards a TOR-based payment page for an unlock code. The 'caforssztxqzf2nm.onion' Locker is a Trojan program that may be dispersed through spam emails, fake browser updates, pirated games and malvertising. Low infection ratio and lack of samples are not helping with limiting the 'caforssztxqzf2nm.onion' Locker campaign. However, you can take steps to secure your device by installing the latest security patches, avoiding spam emails and questionable programs. The 'caforssztxqzf2nm.onion' Locker is designed to force a system reboot when the users double-click its file. The 'caforssztxqzf2nm.onion' Locker may be presented as a text file, a PDF document and a free application. Double-clicking the 'caforssztxqzf2nm.onion' Locker executable forces Windows to reboot into the first-run mode that is the way Windows loads after you have installed it. Instead of the welcoming message inside the Edge browser compromised users are greeted by a black screen with the following text:

'Oops? Your files have been encrypted.
If you see this text, your files are no longer accessible.
You Might have been looking for a way to recover your files. Don't waste your time.
No one will be able to recover them without our decryption service.
We guarantee that you can recover all your files safely.
All you need to do is submit the payment and get the decryption password.
Visit our web service at caforssztxqzf2nm.onion
Your personal installation key#1:
[random characters]
If you have already got the password, please enter it below. Password#1:'

The first samples of the 'caforssztxqzf2nm.onion' Locker featured a broken message, and computer security researchers extracted the HTML message shown above from available resources. It is suspected that the 'caforssztxqzf2nm.onion' Locker is still in development at the time of writing. We visited the .onion domain provided by the 'caforssztxqzf2nm.onion' Locker but it was not accessible. The threat authors may have switched to a new address once news of the 'caforssztxqzf2nm.onion' Locker started circling the Internet. The first release of the 'caforssztxqzf2nm.onion' Locker has no encryption capabilities, and the affected users may need the help of a computer technician to restore access to their desktops. However, your data should be safe, and you might want to start making backups regularly. New versions of the 'caforssztxqzf2nm.onion' Locker are likely to appear soon. Install a reliable security shield and take advantage of legitimate software distribution platforms as opposed to installing programs from unreliable sources.


Most Viewed