Donald Trump Ransomware Builds Walls Around Your Files


Given the intense discussion around the Presidential Debate between Hillary Clinton and Donald Trump, it’s no wonder that a ransomware named after Trump has already appeared. For now there is only a Donald Trump Ransomware, but no one knows whether a Clinton-themed one will come next.

To be precise, the Donald Trump Ransomware is still in a development stage and it was first compiled over a month ago, so there is a great chance that the virus will never be actively distributed.

Although the Donald Trump ransomware contains functions for encrypting files using AES, in its current form the virus does not encrypt anything at all.

Instead of encrypting documents, the ransomware looks for files in the encrypt folder, base64-encodes the file names and appends the .ENCRYPTED extension to any files that match certain file extensions.

These are the extensions targeted by the Donald Trump Ransomware:

.zip, .mp3, .7z, .rar, .wma, .avi, .wmv, .csv, .tax, .sidn, .itl, .mdbackup, .menu, .icarus, .litemod, .sav, .lvl, .raw, .flv, .m3u, .xxx, .pak, .jpg, .png, .docx, .doc, .ppt, .odt, .csv, .jpeg, .psd, .rtf, .cfg, Minecraft, alts.json, .wolfram, .dat, .dat_mcr, .mca, .Ink, .pub, .pptx, .php, .html, .yml, .sk, .txt, .mp4, .vb, .swf, .ico, .xcf, bukkit.jar, .log, .sln, .ini, .dll, .xml, .tex, .assets, .resource, .java, .js, .css, .gif

In this ransomware version you can simply click on the Unlock button to have the files renamed to their original filenames.
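Because the files are only renamed, the change can also be reversed without running the sample. The following is an added example, not code from the article or from the malware; it assumes the part of the name before .ENCRYPTED is standard base64 of the whole original file name (the article does not specify the exact scheme), and the function names are hypothetical.

```python
import base64
import binascii
from pathlib import Path
from typing import List, Optional, Tuple

SUFFIX = ".ENCRYPTED"  # extension named in the article


def decode_name(renamed: str) -> Optional[str]:
    """Return the original file name, or None if the name does not fit the scheme."""
    if not renamed.endswith(SUFFIX):
        return None
    stem = renamed[: -len(SUFFIX)]
    try:
        # Assumption: the stem is standard base64 of the UTF-8 file name.
        original = base64.b64decode(stem, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Reject empty names and anything that could leave the directory.
    if original in ("", ".", "..") or any(c in original for c in "/\\\0"):
        return None
    return original


def plan_restore(root: Path) -> List[Tuple[Path, Path]]:
    """List (renamed, original) pairs that can be restored without overwriting."""
    plan, claimed = [], set()
    for path in sorted(root.rglob("*" + SUFFIX)):
        original = decode_name(path.name)
        if original is None or not path.is_file():
            continue
        target = path.with_name(original)
        if target.exists() or target in claimed:
            continue  # never clobber an existing or already planned file
        claimed.add(target)
        plan.append((path, target))
    return plan


def restore(root: Path, dry_run: bool = True) -> List[Tuple[Path, Path]]:
    """Return the rename plan; perform the renames only when dry_run is False."""
    plan = plan_restore(root)
    if not dry_run:
        for src, dst in plan:
            src.rename(dst)
    return plan
```

Run `restore(Path(folder))` first to review the plan on a copy of the affected folder, then repeat with `dry_run=False`.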

Although the Donald Trump Ransomware is not currently being actively distributed, all users should be very careful with any email attachments they receive during the election. Cyber criminals commonly send malware attachments disguised as content related to the latest news.

Files associated with the Donald Trump Ransomware:

CRPT-TRX.exe

IOCs:

SHA256: 4cea9dbc941756f7298521104001bc20cb73cfdda06a60a9e90760188661f5e4

Nelly Vladimirova

Nelly Vladimirova has been working as a journalist since 1998 with a main focus on Finance, Economics, and IT. In 2004 she graduated from the University of Plovdiv, Bulgaria, as a Bachelor in English Philology and Master in Linguistics and Translation. Later, Nelly received a postgraduate certificate in Business Management from Scott’s College, UK. Presently, she is presenting the latest news related to computer security at www.virusguides.com.
