- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Trump Locker Ransomware
It seems that some cyber criminals find it hilarious to name their malware after well-known people — real and fictional. The developers of Trump Locker Ransomware seized the opportunity to include Donald Trump’s last name. While Donald Trump is not interested in hacking your computer, the developers of this ransomware certainly are, so you ought to remove Trump Locker Ransomware from your PC. This malicious program was set to encrypt your personal files and then demand that you pay a ransom to get your files back. However, you cannot trust the criminals to give you the decryption key once you have paid.
We have found that this ransomware is similar to VenusLocker Ransomware. We think that this new ransomware is a clone of VenusLocker Ransomware. However, it might not come from the same developers. In any case, this is an indication that more clones may come out shortly and the only way to really protect your PC is to get an anti-malware program that can protect your PC in real time.
Now, as far as this ransomware’s dissemination methods are concerned, there is no concrete information about how it is distributed. We think cyber criminals might distribute it in a way that is similar to VenusLocker Ransomware. We think that Trump Locker Ransomware’s developers have probably set up an email server that is dedicated to spamming the inboxes of unwary users with fake invoices, receipts, tax return forms, and so on in an attempt to infect as many computers as possible. The emails should feature an attached file that can be an executable disguised as a Word or PDF document. The executable can download the main executable and drop it in a secret location.
Our research has shown that Trump Locker Ransomware uses the RSA-4096 and AES encryption algorithms to encrypt your files. It appends the .TheTrumpLockerp extension to files to indicate that they have been encrypted. This ransomware is set to fully encrypt one set of file formats and partially encrypt others. For example, it can fully encrypt the .txt, .ini, .php, .html, .css, .py, and .docx file formats but only partially encrypt .asf, .pdf, .xls, .xlsx, .mp3, .waw, .jpg, .jpeg, and so on. This ransomware generates a unique encryption and decryption key. The encryption key is stored locally while the decryption key is sent to the command and control server. This ransomware claims that it will delete the decryption key 72 hours after the infection if you do not pay.
Our analysis of this infection has shown that Trump Locker Ransomware drops a file named RansomNote.exe that autostarts with Windows. It is dropped on the desktop and so is What happen to my files.txt. Furthermore, it drops a file named uinf.uinf in %Temp%. However, the main executable could be stored in your Downloads folder or placed in a hidden location. Furthermore, the main executable can be named randomly, so it may be difficult to locate and identify.
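The artifacts named above can be checked for on a suspect machine. The following Python script is an added example, not part of the original article or of any vendor tool; it looks in one user profile for RansomNote.exe and What happen to my files.txt on the desktop, uinf.uinf in %Temp%, and files carrying the .TheTrumpLockerp extension. The function name scan_profile and the default %Temp% location under AppData\Local\Temp are assumptions of this example.

```python
import json
import os
import sys
from pathlib import Path

# Indicators taken from the article text; nothing else is assumed about the malware.
ENCRYPTED_EXT = ".thetrumplockerp"
DESKTOP_FILES = {"ransomnote.exe", "what happen to my files.txt"}
TEMP_FILE = "uinf.uinf"


def scan_profile(profile, temp_dir=None, max_hits=20):
    """Return findings for one user profile directory (hypothetical helper)."""
    profile = Path(profile)
    # Assumption: %Temp% is the usual <profile>/AppData/Local/Temp unless given.
    temp_dir = Path(temp_dir) if temp_dir else profile / "AppData" / "Local" / "Temp"
    findings = {"desktop": [], "temp": [], "encrypted": [], "encrypted_count": 0}

    # Ransom note program and text file dropped on the desktop.
    desktop = profile / "Desktop"
    if desktop.is_dir():
        for entry in desktop.iterdir():
            if entry.is_file() and entry.name.lower() in DESKTOP_FILES:
                findings["desktop"].append(str(entry))

    # Marker file dropped in %Temp%.
    marker = temp_dir / TEMP_FILE
    if marker.is_file():
        findings["temp"].append(str(marker))

    # Files renamed with the ransomware's extension; unreadable dirs are skipped.
    for root, _dirs, files in os.walk(profile, onerror=lambda err: None):
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT):
                findings["encrypted_count"] += 1
                if len(findings["encrypted"]) < max_hits:
                    findings["encrypted"].append(os.path.join(root, name))

    findings["suspicious"] = bool(
        findings["desktop"] or findings["temp"] or findings["encrypted_count"]
    )
    return findings


if __name__ == "__main__":
    home = sys.argv[1] if len(sys.argv) > 1 else Path.home()
    print(json.dumps(scan_profile(home), indent=2))
```

A clean result does not rule out infection, because the main executable can be named randomly and stored elsewhere.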
As you can see, Trump Locker Ransomware is a highly malicious computer infection that can encrypt your files with a strong encryption algorithm and demand money for the decryption key. You should not comply with the demands of the criminals; instead, remove this ransomware using our guide. We suggest using SpyHunter to detect all of the malicious files, including the main executable, and then delete them manually.
Delete the registry key