Donald Trump Ransomware In Development

The security researcher Lawrence Abrams has identified a development version of a new ransomware called Donald Trump ransomware.

Donald Trump Ransomware In Progress

The latest ransomware threat that has emerged on the Internet is a development version of a new strain named after Donald Trump. The discovery was reported by Lawrence Abrams from Bleeping Computer. The malware is still under active development and, according to the reports, it was first compiled over a month ago. As this is still a pre-release version, Abrams does not expect to see attack campaigns with it yet.

The Trump ransomware is distributed via spam emails posing as a legitimate newsletter about the current presidential elections in the USA. The emails contain an attachment that redirects to an infected domain where the ransomware resides.

The codebase contains a mechanism that encrypts files using the AES cipher; however, in the spotted samples this is not activated yet. The current version searches for files found in the encrypt folder and then encodes the file names in base64. After that, the victim files are renamed using the .encrypted extension. The targeted file extensions are the following:

.zip, .mp3, .7z, .rar, .wma, .avi, .wmv, .csv, .tax, .sidn, .itl, .mdbackup, .menu, .icarus, .litemod, .sav, .lvl, .raw, .flv, .m3u, .xxx, .pak, .jpg, .png, .docx, .doc, .ppt, .odt, .csv, .jpeg, .psd, .rtf, .cfg, Minecraft, alts.json, .wolfram, .dat, .dat_mcr, .mca, .Ink, .pub, .pptx, .php, .html, .yml, .sk, .txt, .mp4, .vb, .swf, .ico, .xcf, bukkit.jar, .log, .sln, .ini, .dll, .xml, .tex, .assets, .resource, .java, .js, .css, .gif

The development version has an Unlock button that reverses the changes. The expert advises all users to be extremely careful when receiving emails with attachments, as that is the possible distribution method for most ransomware variants. At this moment only a handful of anti-virus solutions identify the threat.
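Because the development sample only base64-encodes file names and appends .encrypted, the renaming can also be undone without running the sample's Unlock button. The following recovery sketch is an added example, not code from the article or the researcher; it assumes the whole original file name (extension included) is encoded with standard base64, and the function names are hypothetical.

```python
import base64
import binascii
from pathlib import Path

MARKER = ".encrypted"  # extension the article says the sample appends


def original_name(renamed):
    """Return the decoded original file name, or None if the name does not fit."""
    if not renamed.endswith(MARKER):
        return None
    stem = renamed[: -len(MARKER)]
    try:
        # Assumption: standard base64 over the full original name.
        decoded = base64.b64decode(stem, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Accept only a plain file name, so a crafted name cannot move a file
    # outside its folder when the rename is applied.
    if not decoded or decoded in (".", "..") or any(c in decoded for c in "/\\\0"):
        return None
    return decoded


def plan_restore(folder):
    """List (current_path, restored_path) pairs without touching the disk."""
    plan = []
    for path in sorted(Path(folder).iterdir()):
        name = original_name(path.name) if path.is_file() else None
        if name is None:
            continue
        target = path.with_name(name)
        if target.exists():  # never overwrite a file that is already there
            continue
        plan.append((path, target))
    return plan


def restore(folder):
    """Apply the plan and return the restored paths."""
    done = []
    for src, dst in plan_restore(folder):
        src.rename(dst)
        done.append(dst)
    return done
```

Review the output of `plan_restore` before calling `restore`, since a short unrelated file name can happen to be valid base64. If a later build enables the AES routine, restoring names alone will not recover file contents.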


Author: Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

