
Donald Trump Ransomware

Posted: September 27, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 5
First Seen: September 27, 2016
Last Seen: April 16, 2021
OS(es) Affected: Windows

The Donald Trump Ransomware is a Trojan that renames the files on your PC and displays a pop-up claiming that they're locked. Because it is probably a data-encrypting Trojan that is still in development, the best defenses against the Donald Trump Ransomware are keeping redundant backups and paying attention to its most likely infection vectors, such as e-mail spam. You can remove current versions of the Donald Trump Ransomware with anti-malware products without requiring any extra steps for unlocking your data.

A Worse Version of a Politician than Any Debate Could Offer

It is common for file-encryption Trojans to use politically-leaning themes in their ransom instructions, such as promoting Anonymous as a vague hacking force to strong-arm ransom payments. It's rarer, however, for a Trojan to identify with a prominent politician, particularly one as famous (or infamous) as Donald Trump. Malware experts can verify the Donald Trump Ransomware as being a still-developing project, with no current release in the wild.

The Donald Trump Ransomware's first known compilation dates to the late summer of 2016. Despite more than a month passing between its original creation and this article's writing, no new samples of the Donald Trump Ransomware are identifiable as being in distribution or as including additional features. Currently, malware experts can only confirm the Donald Trump Ransomware as utilizing the skeleton framework of a typical file-encryption Trojan's campaign, such as:

  • The Donald Trump Ransomware renames your files according to a base64 encoding pattern, and also adds the '.ENCRYPTED' extension to each one. Although this Trojan includes internal AES data-encrypting functions, current versions of the Donald Trump Ransomware don't make use of them, meaning that the content is only renamed, not ciphered.
  • The Donald Trump Ransomware uses a Trump-themed pop-up window for announcing the supposed 'locking' of your content, as well as displaying an ID number field and providing an unlocking option. There are no ransom request fields or restrictions, and PC users can click the Unlock button to reverse the previous renaming process (although they also can do so manually).
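The manual reversal mentioned above, as an added example that is not part of this write-up or the Trojan's own code. It assumes the base64 pattern is a standard base64 encoding of the original file name (name only, not the path) with '.ENCRYPTED' appended; the function names, the dry-run behaviour and the sample files are constructed for this illustration.

```python
import base64
import binascii
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

MARKER = ".ENCRYPTED"  # extension appended by the Trojan (from the write-up)

def decode_renamed(name: str) -> Optional[str]:
    """Recover the original file name from '<base64>.ENCRYPTED', else None."""
    if not name.endswith(MARKER):
        return None
    stem = name[: -len(MARKER)]
    try:
        # Assumption: standard base64 of the UTF-8 file name, name only, no path.
        original = base64.b64decode(stem, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    # Reject anything that could escape the directory or is not a real name.
    if not original or "/" in original or "\\" in original or original in (".", ".."):
        return None
    return original

def restore_names(directory: Path, dry_run: bool = True) -> List[Tuple[str, str]]:
    """Reverse the rename under `directory`; returns (renamed, original) pairs."""
    restored = []
    for path in sorted(directory.rglob("*" + MARKER)):
        original = decode_renamed(path.name)
        if original is None:
            continue  # not one of the Trojan's renames; leave it alone
        target = path.with_name(original)
        if target.exists():
            continue  # never overwrite an existing file
        if not dry_run:
            path.rename(target)
        restored.append((path.name, original))
    return restored

def demo() -> List[Tuple[str, str]]:
    """Constructed sample: two renamed files and one untouched file in a temp dir."""
    root = Path(tempfile.mkdtemp())
    for original in ("report.docx", "song.mp3"):
        stem = base64.b64encode(original.encode()).decode()
        (root / (stem + MARKER)).write_bytes(b"content is only renamed, not ciphered")
    (root / "README.txt").write_text("not touched by the Trojan")
    pairs = restore_names(root, dry_run=False)
    assert sorted(p.name for p in root.iterdir()) == ["README.txt", "report.docx", "song.mp3"]
    return pairs

if __name__ == "__main__":
    for renamed, original in demo():
        print(f"{renamed} -> {original}")
```

Run with `dry_run=True` first to review the planned renames; the script skips names that do not decode to a plain file name and never overwrites an existing file.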

Making Your PC's Files Great Again

Samples of the Donald Trump Ransomware executables are significant primarily for forewarning potential victims about this campaign's intentions and targets. If the Donald Trump Ransomware ever is released, it most likely will include AES algorithm-based encryption features that will lock your data legitimately. Besides data types like ZIP or MP3, the Donald Trump Ransomware also renames specialized files such as PAK, DAT, and DLL (the latter being especially important as an essential format for many programs, including the Windows OS).

Spam e-mail messages may be crafted with the current season's news in mind, and con artists may try to distribute the Donald Trump Ransomware's installers disguised as political news articles. Untrusted file attachments should always be submitted to anti-malware scans, which can identify most Trojan installers. Malware analysts didn't find any self-distribution features in the Donald Trump Ransomware, but the Trojan may compromise any files it can access over a network or on a removable device.

Whatever your feelings are about the latest American presidential election, casting your vote for keeping your system and its information safe is something all PC owners should do with backups, security software, and a quick response to this electorally-themed threat.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: 4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4
Size: 92.16 KB (92160 bytes)
MD5: e4d1951b179a1de9d22f83227f1026a6
Detection count: 43
Path: %SYSTEMDRIVE%\Users\<username>\Desktop\2friDesktop\4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4
Group: Malware file
Last Updated: April 16, 2021