Posted: November 20, 2018

The 'caforssztxqzf2nm.onion' Locker is a harmful application that appears to still be under development: malware researchers have yet to encounter victims whose computers were compromised by this particular threat. The 'caforssztxqzf2nm.onion' Locker does not yet feature a working file-encryption routine, but it still displays a ransom message that tells victims their data has been encrypted securely and that the only recovery option is to pay the attackers for their decryption service.

Another peculiar thing about the 'caforssztxqzf2nm.onion' Locker is what it does to the infected computer. It applies a change to the Windows Registry which ensures that the next time Windows starts it will boot in 'First Run Mode' (the first run after Windows has been installed). To force that restart, the 'caforssztxqzf2nm.onion' Locker runs the command 'shutdown -r -t 35 -f', which tells Windows to restart (-r) after 35 seconds (-t 35) and to close running applications without warning the user (-f). When the computer boots up again, it displays the file 'payload.hta', an HTML Application carrying a ransom message that tells victims to visit the Tor-based page 'caforssztxqzf2nm.onion' for additional details and payment instructions.
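Detection logic for the behaviour just described, as an added example that is not part of the original page and not the threat's own code: it flags a short forced restart, an .hta file being launched, and an autostart registry value that points at an .hta file. The log format, field names and sample events are constructed (modelled loosely on Sysmon process-creation and registry events), and the Run/RunOnce autostart keys and the 60-second threshold are assumptions, since the page does not name the registry key the Locker modifies.

```python
"""Triage rules for the 'caforssztxqzf2nm.onion' Locker behaviour described above.

Added example, not code from the original page or from the threat's authors.
It runs over constructed log lines in a simplified key=value format modelled on
Sysmon process-creation (EventID 1) and registry-value-set (EventID 13) events;
the field names, sample paths, the Run/RunOnce autostart keys and the 60-second
threshold are assumptions.
"""
import re

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # Key=value or Key="quoted value"
CMD_TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')        # double-quote-aware command-line split
AUTOSTART_KEY_RE = re.compile(                       # logon autostart locations (assumed)
    r"\\CurrentVersion\\(Run|RunOnce|RunServices)\\", re.IGNORECASE)
MAX_REBOOT_DELAY = 60      # seconds; a short forced timer is malware-like, not admin-like
DEFAULT_REBOOT_DELAY = 30  # shutdown.exe's own default when -t is not given


def parse_line(line):
    """Parse one constructed 'Key=value Key2="quoted value"' log line into a dict."""
    return {k: q or bare for k, q, bare in FIELD_RE.findall(line)}


def split_cmdline(cmd):
    """Tokenise a Windows command line, keeping double-quoted arguments intact."""
    return [q or bare for q, bare in CMD_TOKEN_RE.findall(cmd)]


def _basename(path):
    return path.rsplit("\\", 1)[-1].rsplit("/", 1)[-1].lower()


def detect_forced_reboot(cmd):
    """True for 'shutdown -r ... -f' with a timer of MAX_REBOOT_DELAY seconds or less.

    Both '-' and '/' switch prefixes are accepted; shutdown.exe treats them alike.
    """
    toks = split_cmdline(cmd)
    if not toks or _basename(toks[0]) not in ("shutdown", "shutdown.exe"):
        return False
    flags = {t.lstrip("-/").lower(): i
             for i, t in enumerate(toks) if i > 0 and t[:1] in ("-", "/")}
    if "r" not in flags or "f" not in flags:
        return False                      # plain shutdown, or a graceful restart
    delay = DEFAULT_REBOOT_DELAY
    if "t" in flags:
        try:
            delay = int(toks[flags["t"] + 1])
        except (IndexError, ValueError):
            return False                  # malformed timer: shutdown.exe would reject it
    return delay <= MAX_REBOOT_DELAY


def detect_hta_launch(cmd):
    """True when any argument of the command line is an .hta file (mshta.exe or otherwise)."""
    return any(t.lower().endswith(".hta") for t in split_cmdline(cmd)[1:])


def detect_hta_autostart(target_object, details):
    """True when a Run/RunOnce value is set to a command that references an .hta file."""
    return bool(AUTOSTART_KEY_RE.search(target_object)) and ".hta" in details.lower()


def triage(lines):
    """Return (rule, evidence) pairs for every line that trips a rule, in log order."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("EventID") == "1":                       # process creation
            cmd = ev.get("CommandLine", "")
            if detect_forced_reboot(cmd):
                hits.append(("forced_reboot", cmd))
            if detect_hta_launch(cmd):
                hits.append(("hta_launch", cmd))
        elif ev.get("EventID") == "13":                    # registry value set
            target = ev.get("TargetObject", "")
            if detect_hta_autostart(target, ev.get("Details", "")):
                hits.append(("hta_autostart", target))
    return hits


# Constructed sample events: a benign service start, the Locker's autostart entry,
# its forced 35-second restart, a benign admin restart, and payload.hta at next logon.
SAMPLE_LOG = [
    r'EventID=1 Image="C:\Windows\System32\svchost.exe" CommandLine="svchost.exe -k netsvcs"',
    r'EventID=13 EventType=SetValue TargetObject="HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\Locker" Details="mshta.exe C:\Users\Public\payload.hta"',
    r'EventID=1 Image="C:\Windows\System32\shutdown.exe" CommandLine="shutdown -r -t 35 -f"',
    r'EventID=1 Image="C:\Windows\System32\shutdown.exe" CommandLine="shutdown /r /t 3600"',
    r'EventID=1 Image="C:\Windows\System32\mshta.exe" CommandLine="mshta.exe C:\Users\Public\payload.hta"',
]

if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:15} {evidence}")
```

Run as-is it reports three hits from the constructed log (the autostart value, the forced 35-second restart, and the .hta launch after reboot) and deliberately ignores the long-timer administrative restart that lacks -f. If the shutdown command is caught inside its 35-second window, running 'shutdown -a' on the affected host aborts the pending restart, which buys time to remove the autostart entry before payload.hta ever runs.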

While the 'caforssztxqzf2nm.onion' Locker is not a fully functional threat for now, its authors appear to know what they are doing, and the finished product is likely to be very dangerous. You should take the following measures now to minimize the damage that threats like the 'caforssztxqzf2nm.onion' Locker can cause to your computer:

  • Avoid downloading files from suspicious websites.
  • Stay away from pirated software and media.
  • Use an updated anti-virus tool.
  • Apply all operating system and software security patches.
  • Back up your important files to the cloud or to offline storage regularly.