TrumpHead Ransomware

What is TrumpHead Ransomware?

TrumpHead Ransomware was named this way by the malware's developers: our researchers located a line in the threat's code that calls it so. Currently the malicious application looks unfinished, but it already seems somewhat troublesome. Once it is finished, the infection should apparently be able not only to lock the user's data but also to delete shadow copies to prevent file recovery. Later in the article we explain how the malware could behave and how it might be spread if the hackers finish developing it. We also add instructions showing how it could be possible to eliminate TrumpHead Ransomware manually. However, since the malicious application can still change, it would be wiser to use a legitimate antimalware tool instead.

Where does TrumpHead Ransomware come from?

TrumpHead Ransomware could be distributed with various malicious data that might reach victims via spam email, unreliable file-sharing web pages, pop-up advertisements, and so on. This means that those who wish to stay away from such malicious applications ought to be extra careful when surfing the Internet. No doubt it is better to scan a suspicious file with an antimalware tool first than to regret later on not having invested a minute to check it. All you have to do is pick a legitimate antimalware tool that can recognize various threats and guard your system against them.

How does TrumpHead Ransomware work?

For now TrumpHead Ransomware does not encrypt any files, but if it gets finished, our researchers say it should be able to lock files with the following extensions: .txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .jpeg, .gif, .png, .csv, .sql, .img, .mdb, .sln, .php, .asp, .aspx, .xml, .psd, .dat, .html, .mp3, .zip, and .pdf. During this process, the targeted files should be encrypted with a strong encryption algorithm, and the malware may delete all shadow copies. After this, the threat may download a picture called {date}.bmp to the %USERPROFILE%\Pictures\Backgrounds folder and replace the user's Desktop image with it. The image should say that the user's files were encrypted and that he should check a particular text document called READ_THIS.txt.

The mentioned document might appear on the user's Desktop or in every location containing files the malicious application encrypted. Our researchers say TrumpHead Ransomware's developers created a short message telling the user he has to pay 0.8 Bitcoin if he wishes to get his data back, and that he has only 48 hours to do so. As usual, the malware's developers first want to be contacted via email ( The note talks about how these people can be trusted, but keep in mind that dealing with cybercriminals is always risky: no matter what they promise, there are no guarantees they will deliver. Thus, we recommend erasing the threat instead of paying the ransom.

How to erase TrumpHead Ransomware?

The malicious application can be deleted manually, but to do so the user would need to find and remove its launcher (some suspicious, recently downloaded file) and its copy. The instructions located below can guide you through the process, but as we said earlier, because the infection might still change, it would be safer to get rid of TrumpHead Ransomware with a legitimate antimalware tool.

Remove TrumpHead Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Press Windows key+E.
  7. Locate these paths:
  8. Locate the malicious application’s launcher.
  9. Right-click it and select Delete.
  10. Go to %TEMP%.
  11. Check if you can find the launcher’s copy.
  12. Right-click the malicious .exe file and select Delete.
  13. Navigate to %USERPROFILE%\Pictures\Backgrounds.
  14. Find a picture called {date}.bmp (e.g., 2-08-2019.bmp), right-click it and choose Delete.
  15. Exit File Explorer.
  16. Empty your Recycle Bin.
  17. Restart the computer.
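The following added example is not code from the original article or from the malware; it is a defender-side triage script written for this page. It turns the artifacts described above (the READ_THIS.txt note, the {date}.bmp wallpaper dropped under Pictures\Backgrounds, and the list of targeted extensions) into a read-only scan of a user profile, and it produces the same dry-run cleanup list that steps 13 and 14 of the manual removal describe. The sample profile it builds is constructed for the demonstration; the date pattern for the bitmap name is an assumption based on the single example 2-08-2019.bmp, and the launcher and its %TEMP% copy are deliberately not matched because the article does not name them.

```python
"""Added example, not from the original article: scan a profile directory for the
artifacts the article attributes to TrumpHead Ransomware and list what the manual
removal steps would delete. Nothing is deleted; the script only reports."""
import os
import re
import tempfile
from pathlib import Path

# Extensions the article says the finished malware would target.
TARGET_EXTENSIONS = {
    ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt",
    ".jpg", ".jpeg", ".gif", ".png", ".csv", ".sql", ".img", ".mdb",
    ".sln", ".php", ".asp", ".aspx", ".xml", ".psd", ".dat", ".html",
    ".mp3", ".zip", ".pdf",
}
# Ransom note name from the article; compared case-insensitively (Windows semantics).
NOTE_NAME = "read_this.txt"
# Assumed shape of {date}.bmp, generalized from the article's example 2-08-2019.bmp.
DATE_BMP_RE = re.compile(r"^\d{1,2}-\d{1,2}-\d{4}\.bmp$", re.IGNORECASE)


def is_date_bmp(name: str) -> bool:
    """True if a file name looks like the dropped wallpaper, e.g. 2-08-2019.bmp."""
    return bool(DATE_BMP_RE.match(name))


def in_backgrounds_folder(directory: Path) -> bool:
    """True for ...\\Pictures\\Backgrounds, the drop folder named in the article."""
    return (directory.name.lower() == "backgrounds"
            and directory.parent.name.lower() == "pictures")


def scan(root) -> dict:
    """Walk the tree and classify files: ransom notes, dropped wallpapers, and
    files whose extension is on the target list (i.e. what would be encrypted)."""
    findings = {"notes": [], "wallpapers": [], "at_risk": []}
    for dirpath, _, filenames in os.walk(root):
        directory = Path(dirpath)
        for name in filenames:
            path = directory / name
            if name.lower() == NOTE_NAME:
                findings["notes"].append(path)
            elif is_date_bmp(name) and in_backgrounds_folder(directory):
                findings["wallpapers"].append(path)
            elif path.suffix.lower() in TARGET_EXTENSIONS:
                findings["at_risk"].append(path)
    return findings


def cleanup_plan(findings) -> list:
    """Dry-run equivalent of removal steps 13-14: the note and the wallpaper are
    the only artifacts the article names; the launcher and its %TEMP% copy are
    not named, so they must still be identified by hand (steps 8-12)."""
    return sorted(findings["notes"] + findings["wallpapers"])


def summarize(findings) -> dict:
    return {kind: len(paths) for kind, paths in findings.items()}


def build_sample_profile(base) -> Path:
    """Construct a small fake user profile (sample data, not real artifacts)."""
    base = Path(base)
    files = {
        "Documents/report.docx": b"constructed stand-in for a document",
        "Documents/READ_THIS.txt": b"constructed stand-in for the ransom note",
        "Desktop/READ_THIS.txt": b"constructed stand-in for the ransom note",
        "Pictures/holiday.jpg": b"constructed stand-in for a photo",
        "Pictures/Backgrounds/2-08-2019.bmp": b"constructed stand-in for the wallpaper",
        "Music/track.flac": b"extension not on the target list",
    }
    for rel, data in files.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return base


def run_demo() -> dict:
    """Build the sample profile in a temp dir, scan it, and return the results
    with profile-relative paths so they are stable across machines."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = build_sample_profile(tmp)
        findings = scan(profile)
        plan = [p.relative_to(profile).as_posix() for p in cleanup_plan(findings)]
        return {"summary": summarize(findings), "plan": plan}


if __name__ == "__main__":
    result = run_demo()
    print("counts:", result["summary"])
    for rel in result["plan"]:
        print("would delete:", rel)
```

Point `scan()` at a real profile root (for example `os.environ["USERPROFILE"]`) to get an inventory of notes, wallpapers and at-risk files on a suspect machine; keeping the delete step separate from the scan is deliberate, so that the list can be reviewed before anything is removed.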