
Trump Ransomware

Posted: August 7, 2020

The Trump Ransomware is a file-locking Trojan that's part of the Scarab Ransomware family, a Russian Ransomware-as-a-Service. The threat keeps files from opening by encrypting them and holds them hostage until the victim pays its ransom. Users can update and secure their backups for optimal recovery options, and most anti-malware programs should delete the Trump Ransomware if they're active.

Russian Data Kidnappers Dipping into Politics

Colorful themes are one way threat actors make their Trojans' campaigns more meaningful, or merely more amusing, to themselves. The controversial figure of Donald Trump is one of the icons that rotate through Trojan payloads this way, as malware experts note in the cosmetics of the TrumpLocker Ransomware, the Donald Trump Ransomware, and the very new Trump Ransomware. What makes the Trump Ransomware different from the others is its relationship to a Ransomware-as-a-Service of some notoriety: the Scarab Ransomware.

The Scarab Ransomware family's most distinctive trait is its inclusion of an entire branch of Russian-language variants, although it also has significant English support. The Trump Ransomware belongs to the English side, much like the Scarab-Leen Ransomware, the Servicedeskpay@protonmail.com Ransomware, the Scarab-Danger Ransomware and the 'online24files@airmail.cc' Ransomware. Like other versions of its family, its class-defining feature is the one that should concern most victims. This function uses an AES encryption routine secured with an RSA key, and it searches for and locks files in formats ranging from text and documents to pictures, music and other media.

The Windows-based Trump Ransomware can also conduct other attacks along the way, such as adding its extension to files' names (one of the few elements differentiating it from its ancestors), wiping the Shadow Volume Copy and the Restore Points with a CMD command, and creating a text ransom note. The last of these offers the traditional proposition of helping victims recover their data through negotiations over a free e-mail account. Victims considering paying any ransom, especially in Bitcoins or vouchers, should remember that threat actors might not honor any agreement.

Keeping Politicians from Turning into File-Destroying Mascots

The Trump Ransomware's American political theme isn't a hard limiter on what systems the Trojan might target. The Scarab Ransomware campaigns can compromise most versions of home Windows systems, and some attackers also opt for targeting business entities' servers through vulnerabilities. Nationality is, in general, no protection from Trojans with these attacks. However, a minority of threats will include various anti-installation options for 'unwanted' victims, such as those using the wrong language.

Malware researchers rate secure backups as the only solution to Trump Ransomware infections with a completely reliable rate of recovery, and recommend investing in non-localized backup services for irreplaceable or valuable media. Users should also be cautious around infection vectors of note for file-locking Trojans, with examples including:

  • Torrents with illicit media or software themes (such as cheats for games).
  • Software updates not coming from an authentic Web domain.
  • E-mail attachments, especially documents and spreadsheets that use macros or advanced content.

Most users also should concern themselves with choosing appropriately-strong passwords, disabling features that invite attacks like browser JavaScript, and keeping their software patches strictly up-to-date. Even if all of these defenses are inadequate, reliable anti-malware products will flag and remove the Trump Ransomware correctly.

The Trump Ransomware is taking a colorful public figure and turning him into a cyber-crime mascot against his will. While it may provide some amusement for the threat actor, what happens to those on the wrong end of the Trump Ransomware's payload is anything but a joke.
