Donald Trump Ransomware

With the hype of the US election campaigns going on, it was really just a question of time when cyber criminals start riding these obvious waves and come up with a threat like Donald Trump Ransomware. As a matter of fact, we cannot call this infection a dangerous hit just yet as it seems more like a work in progress. We noticed this threat about a month ago when its first version emerged but it has not got to the distribution stage ever since. So practically we are going to share our findings with you in this article about a ransomware that has the vicious potential to encrypt all your major files and take them hostage until you pay the ransom fee, yet, it does not actually do so in this developmental version. In fact, you cannot even get infected with this malware program yet unless you download it and run it yourself knowingly. Since it is quite possible that this ransomware will hit the web in the near future fully loaded, it is important that we talk about it and how you can prevent it from landing on your system. And, of course, we will also tell you how you can remove Donald Trump Ransomware.

As we have already mentioned, we have not found a spreading working version of this threat yet. However, whenever it will start showing up, it is essential for you to know how it may try to infiltrate your operating system so that you can protect your computer. The most likely method its authors may use to distribute this potentially dangerous program is spam e-mails. But it is not the spam mail itself that causes the problem; the real issue is presented by the attached file. This attachment may pose as a text document or an image file, but in reality it is a malicious executable file, most likely a Trojan, whose task is to download and initiate the "real deal" in the background silently. Such spam could have a very convincing sender address and subject line that would make you feel that you must open it and check out the attachment, too. This subject can be anything to do with your credit card details, a parking fine, a wrongly placed flight ticket order, and so on. The worst thing about ransomware infections in general is that when you notice it and delete it, your files have already been encrypted and you could lose all of them unless you have a backup copy saved on a portable drive or you can find a free decryption tool on the web. This is why you need to be more careful with opening your mails either in your inbox or other folders as well where such a spam mail might end up.

Another possible way for Donald Trump Ransomware to show up on your computer is via Exploit Kits. This method targets outdated browsers and drivers (Flash and Java) to drop infections onto your system. In other words, specific fake webpages are set up like a trap. The moment your outdated browser loads such a page, the malicious code on that page activates and can exploit certain older bugs to infect your PC with this ransomware, for example. We hope that it is clear now why you should always keep your browsers and your drivers up-to-date. This could save you a lot of unnecessary headaches caused by infections that can sneak onto your system this way.

Our research into the malicious code revealed that this developmental version does have the code for encrypting your files. This attack is initiated the moment you try to run the downloaded malicious file. It can use the good old AES encryption algorithm just like most of its peers and targets the following extensions: .zip, .mp3, .7z, .rar, .wma, .avi, .wmv, .csv, .tax, .menu, .icarus, .sav, .raw, .flv, .m3u, .xxx, .pak, .jpg, .png, .docx, .doc, .ppt, .odt, .csv, .jpeg, .psd, .rtf, .cfg, .json, .dat, .pub, .pptx, .php, .html, .sk, .txt, .mp4, .vb, .swf, .ico, .jar, .log, .ini, .dll, .xml, .tex, .assets, .resource, .java, .js, .css, .gif, and more. This means that you could actually lose your archives, documents, pictures, videos, and certain program files in one go; in a matter of a few seconds really. However, we have found that this ransomware does not yet do so, at least, not to your whole hard drive. Instead, this malware program looks for a folder called "encrypt" in whichever directory the malicious file is located. If it finds such a folder, it encodes the names of specific files with Base64 and adds the ".ENCRYPTED"extension. The good news is that even if you happen to have such a folder, you can easily recover the affected files by decoding them and changing the extensions back or you can simply click the "Unlock" button that is offered on the ransom note window that comes up right after the supposed encryption is over.

This ransom note also looks like a work in progress as there is no note really explaining what just happened and how you can get the private key or the decryption tool as is the case usually when a ransomware program hits your computer. All you can see is a list of files that have got allegedly encrypted in the "encrypt" folder and the aforementioned "Unlock" button. In newer variants there could be a note about the ransom fee, which could range from 0.1 up to 1 Bitcoin (around 60 to 600 US dollars), and how you can transfer it to these criminals. You should know that it is always a risk to pay money to such crooks and there is a good chance that they will not return your favor, i.e., you will not have your files decrypted. But in this case now, you do not have to make this hard decision; you can simply remove Donald Trump Ransomware from your system.

Since this version does not lock your screen and block your vital system processes, you can easily close its active window. Then, bin the malicious file that you downloaded from the web and restart your system. This should take care of this threat. Please follow our instructions below if you need guidance with this. Although you can avoid similar attacks if you take our advice about not opening questionable mails and updating your software regularly, the best way for you to protect your virtual world is to install a reliable malware removal tool, such as SpyHunter, which is our choice when it comes to defense against all existing malware infections. You can find your own tool that suits you best, but make sure you run a proper web search not to end up with a rogue program that would cause more security issues for you.

How to remove Donald Trump Ransomware from Windows

1. Close the malicious program (e.g., press Alt+F4).
2. Locate the malicious file and delete it.
3. Empty your Recycle Bin.
4. Restart your PC.