Trump Locker Ransomware

Posted by Lisa Blanc on March 1, 2017

What is Trump Locker Ransomware?

Trump Locker Ransomware is a new ransomware-type computer infection that can encrypt many of your personal files and then demand that you purchase a decryption key to decrypt your files. However, you should not comply with the demands because you cannot trust the cybercriminals to deliver on their promise and give you the key. We recommend that you remove this ransomware if your PC becomes infected with it. In this article, we will discuss how this ransomware works, how it might be distributed and how to get rid of it.testtesttest

What does Trump Locker Ransomware do?

Trump Locker Ransomware is a typical ransomware-type program. According to our malware analysts, it uses the RSA-4096 and AES encryption algorithms that are quite strong, and it is possible that security specialists will not be able to crack its encryption. Our analysts say that this ransomware generates a public encryption and private decryption keys. The encryption key is stored locally while the decryption key is sent to the Command and Control (C&C) server and stored. When this ransomware launches, it connects to its server at https://3q27hfpradjovwyo.onion.cab/ran/gen.php?u=[computer-name]\[login-name]. This ransomware claims that it will delete the decryption key if you do not pay within 72 hours. If that is true remains to be seen, but it is evident that the cybercriminals use scare tactics to convince you to pay the ransom as soon as possible.

While encrypting your files, Trump Locker Ransomware is set to append them with the .TheTrumpLockerp extension. Researchers say that this ransomware can encrypt hundreds of file formats. It encrypts some files fully and others only partially. Nevertheless, it will exempt some folders, so that your PC could function normally. Nevertheless, the result is that you cannot access your content. Once the encryption is complete, this ransomware will drop a ransom note that will ask you to pay 150 USD in Bitcoins (0.145 BTC). However, there is no guarantee that you will receive the decryption key once you have paid.

According to our malware analysts, this ransomware can infect your computer if you open a file named TrumpLocker.exe. This file will infect your PC with RansomNote.exe which is the main executable that is set to run on system startup. The ransomware creates its Point of Execution (POE) at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run called TheTrumpLocker. It will also drop a file named uinf.uinf in the %Temp% directory, and a ransom note named “What happen to my files.txt” on your desktop. Once all of the files are in place, it will start doing its dirty work.

Where does Trump Locker Ransomware come from?

Truth be told, there is no information about how this ransomware is disseminated. Researchers say that is nearly identical to VenusLocker Ransomware, a ransomware-type infection that was said to be distributed through malicious emails. Therefore, we can assume that this new ransomware can be distributed the same way as well. The developers might have a server dedicated to sending email spam that can be disguised as tax return forms, receipts, and so on. It should feature an attached zipped file that contains TrumpLocker.exe (which can be renamed to avoid suspicion) that will infect your PC if you open it.

How do I remove Trump Locker Ransomware?

As you can see, Trump Locker Ransomware is one highly malicious computer infection that can encrypt your personal files and there is no way you can decrypt them for free. However, paying the ransom is a risk because you might not receive the promised decryption key. Therefore, we recommend that you delete it from your PC using our guide. However, you can also use an anti-malware program such as SpyHunter to remove all malicious for you automatically.

Delete the ransomware

  1. Go to your Downloads folder.
  2. Find TrumpLocker.exe, right-click it and click Delete.
  3. Then, go to the desktop and delete RansomNote.exe and What happen to my files.txt
  4. Press Windows+E keys.
  5. Type %Temp% in the address box and press Enter.
  6. Locate uinf.uinf, right-click it and click Delete.
  7. Empty the Recycle Bin.

Delete the registry key

  1. Press Widows+R keys.
  2. Type regedit and press Enter.
  3. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  4. Find TheTrumpLocker on the right side of the window.
  5. Right-click it and click Delete.
100% FREE spyware scan and
tested removal of Trump Locker Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *