Surprisingly enough, this is already the second ransomware associated with the Donald Trump theme. The second iteration seems to be a more dangerous and sophisticated piece of malware, and it shares some similarities with the infamous VenusLocker ransomware.
Another interesting fact about TrumpLocker is its list of targets. Most ransomware programs encrypt certain types of files (.jpg, .jpeg, .docx, .doc, .xls, etc.), but TrumpLocker hunts for other, unusual file types as well. In the code of this ransomware we have also found a special «Exclude Folder» list naming folders that the virus ignores during encryption. Folders like Program Files, Program Files (x86), NVIDIA Corporation, Internet Explorer, Microsoft Office, Mozilla Firefox and Skype are on the list.
In addition to that, TrumpLocker is also very cautious with security and anti-malware folders: the «Don’t poke the bear» logic in action. Other information is encrypted by the malware with the RSA-4096 encryption algorithm. This means that the public key is used for encryption, while the private key is needed for decryption.
All infected files get a new extension of «.TheTrumpLockerf» or «.TheTrumpLockerp». If the file is corrupted entirely, it receives the first extension, and if the locker corrupts only 1024 bytes of the file, it receives the second extension. Malicious programs like TrumpLocker Ransomware often tell victims to use Bitcoin wallets to pay for the decryption key that is supposed to bring the files back to normal and remove those .Trump extensions. In this case the locker creates a ransom note with very detailed instructions about what just happened, including how much you have to pay, how you can contact the creator of the virus, etc. The price of the private key for decryption is $150. But there is a high risk that you will be ignored once the money is transferred, and that no one will actually unblock your files and restore the data. Plus, you will become a sponsor of the next attacks, contributing to the development of newer viruses and malicious software like this one.
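To gauge the scope of the damage after an infection, the two extensions described above can be used to inventory affected files. The following Python script is an added example, not part of the original article or of any vendor tool; its function names and the sample files it creates are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Extensions as named in the article, lower-cased for case-insensitive matching.
MARKERS = {
    ".thetrumplockerf": "full",     # whole file encrypted
    ".thetrumplockerp": "partial",  # only 1024 bytes encrypted
}

def classify(name):
    """Return 'full', 'partial', or None for a file name."""
    return MARKERS.get(os.path.splitext(name)[1].lower())

def inventory(root):
    """Walk root and group affected files by encryption mode."""
    report = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            mode = classify(name)
            if mode is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            report[mode].append({"path": path, "size": st.st_size, "mtime": st.st_mtime})
    return dict(report)

def summarize(report):
    """Per mode: (file count, total bytes, earliest modification time)."""
    return {m: (len(v), sum(i["size"] for i in v), min(i["mtime"] for i in v))
            for m, v in report.items()}

def build_sample_tree(root):
    """Constructed sample files (not real ransomware output)."""
    samples = {"docs/a.TheTrumpLockerf": 2048, "docs/b.THETRUMPLOCKERP": 4096,
               "pics/c.TheTrumpLockerp": 100, "docs/clean.txt": 10}
    for rel, size in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(inventory(tmp)))
```

The earliest modification time among the marked files gives a rough lower bound for when encryption started, which helps when choosing a backup to restore from.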
We still don’t have a full list of the main spreading techniques for this ransomware, but it is safe to say that the most common strategies are in use. We’re talking about typical stuff like:
Please follow the instructions below if you need additional information on how to remove TrumpLocker Ransomware. Usually, this kind of malware can be deleted automatically, using an advanced anti-malware program such as Plumbytes Anti-Malware, or manually. However, we do not recommend the second option because you might accidentally harm your system even more. File-encrypting programs like this one are often disguised as safe-looking files, and deleting the wrong files might cause additional problems with your OS. For more information, please continue reading the paragraph below.
Symptoms of a TrumpLocker Ransomware infection on your computer can include computer crashes, an unusual homepage or search engine in your browser, unwanted pop-up ads and advertising banners. We recommend downloading our automatic removal tool. This removal tool has been tested for TrumpLocker Ransomware threat removal and it is easy to use.
After performing all of the steps above, you should have all of your web browsers clean of TrumpLocker Ransomware and other suspicious add-ons and extensions. However, to complete the removal procedure we strongly advise scanning your computer with antivirus and anti-malware tools like SpyHunter, HitmanPro 32-bit, HitmanPro 64-bit or Malwarebytes Anti-Malware. Those programs might help you find the malware's registry entries and remove them safely.