TrumpHead Ransomware

TrumpHead Ransomware Description

Type: Ransomware

The TrumpHead Ransomware is an encryption ransomware Trojan based on HiddenTear, an open source ransomware platform. The TrumpHead Ransomware was released on January 14, 2019. The TrumpHead Ransomware carries out a typical version of the encryption ransomware tactic, which is to take the victims' files hostage and then demand a ransom payment in exchange for their return.

How the TrumpHead Ransomware Carries Out Its Attack

The TrumpHead Ransomware uses AES encryption to make the victim's files inaccessible, targeting the user-generated files such as the following file types:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .r.

The TrumpHead Ransomware will change the infected computer's desktop image into an image that is comprised of a black screen with a white text overlaid on top after the victim's files have been encrypted. The text contains the following ransom demand for the victim:

'I'm sorry, you're computer has been
compromised by us. All your files are
encrypted now!
Look for the READ_THIS.html file on
your computer (it's everywhere) and
read all the instructions to decrypt
your files again.
Be sure not to RENAME or DELETE'

The TrumpHead Ransomware's ransom note also is contained in a text file named 'READ_THIS.txt,' which contains the following message for the victim:

'Hey there,
Were sorry to tell you that we•ve encrypted ALL your data and there is no other way to get it hack without paying us:
0.8 in BITCOINS to this address: [random characters]
Pay up before it's too late!
You've got IS hours to pay. If you have any questions, Just contact us on this email address: wegotyoudata@protonmail.com
To speed IS the process: Just send us the following computer id [random characters] send us your btc
payment, transaction ID a. we will send you all instruction how to get your data back.
We are serious people and will always deliver after payment. Be sure NOT to rename
or delete your files, shutdown your commuter or contact the law, otherwise it's gone forever!
We're the best. No one has ever seen such a hacker group as we are.'

Dealing with the TrumpHead Ransomware

Unfortunately, the TrumpHead Ransomware enciphers the files in a way that they cannot be recovered. Computer users shouldn't pay the TrumpHead Ransomware's ransom demand, which amounts to 3,000 USD approximately at the current Bitcoin exchange rate. Instead, it is important to have backup copies of all data. Having file backups ensures that the victims of the TrumpHead Ransomware attack can restore any files lost by replacing them with the backup copy after removing the TrumpHead Ransomware threat itself with the help of a security program that is fully up-to-date.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.