
Apparently, Trump supporters are being targeted by – well – Trump ransomware.

The cybercriminals behind ransomware threats aim at a variety of victims – both home users and enterprises. For the first time, however, we have discovered politically biased ransomware, circulating under the name “Trump”.

Trump ransomware has been detected to target users known to be supporters of Donald Trump – a candidate for the Republican nomination for President of the United States in the 2016 election. If you are not a Trump supporter, then you might be safe this time.

Technical Overview of Trump Ransomware

Trump ransomware apparently has two purposes – financial gain for cyber crooks and punishment for Trump supporters. Here’s how it works.

As in most ransomware cases, Trump ransomware is spread via intensive spam campaigns and phishing emails.


Interestingly, the ransomware appears to target only victims in the United States, and only supporters of Trump. To figure out their potential victims’ political preferences, the attackers first dropped an infostealer Trojan that opened a backdoor on compromised systems and monitored users’ online activities for some time. Users who turned out to be Trump believers were later infected with the malicious payload of the operation – Trump ransomware.

Once the ransomware strikes, it encrypts the victim’s files, appending a .trump extension, and displays the following message:

“What happened to your files?

All of your files were protected by a strong encryption with RS.ARS-836 using Trump 101.

What does this mean?

This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen?

Our records show that you support Donald Trump and consider him to be elected as a president of the United States in 2016. There’s never been a more ridiculous and absurd candidate for a president in World history and if you think he should win and govern the United States, then you will never have your files back again. However, if you change your mind and turn against Trump, then we will send you a decryption key generated specifically for you so you can restore your files. The fee for that key is 1.5 Bitcoins. And remember, we will continue to watch you and could decrypt your files at any time should we detect you have lied to us.”

Can You Remove Trump Ransomware and Restore the Encrypted Files?

The only way to protect yourself from any type of ransomware, Trump included, is to back up your files and use a powerful anti-malware tool that can prevent the malware infection. Furthermore, Trump ransomware deletes Shadow Volume Copies, which makes restoring the encrypted files without the decryption key impossible. No encryption flaws have been located in the ransomware so far.

In case you have been affected by Trump ransomware, we strongly suggest that you laugh out loud as you have been fooled.

Nonetheless, the scenario described in the article is absolutely realistic. The devastating nature of ransomware is no joke. Ransomware has been growing in popularity thanks to users’ ignorance and carelessness towards their information.

This cyber security April Fools’ joke is a kind reminder for you to never forget to back up your files and use powerful anti-malware protection.


