Threat Database Ransomware TrumpHead Ransomware

TrumpHead Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: January 21, 2019
Last Seen: August 28, 2020
OS(es) Affected: Windows

The TrumpHead Ransomware is an encryption ransomware Trojan based on HiddenTear, an open source ransomware platform. The TrumpHead Ransomware was released on January 14, 2019. The TrumpHead Ransomware carries out a typical version of the encryption ransomware tactic, which is to take the victims' files hostage and then demand a ransom payment in exchange for their return.

How the TrumpHead Ransomware Carries Out Its Attack

The TrumpHead Ransomware uses AES encryption to make the victim's files inaccessible, targeting the user-generated files such as the following file types:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .r.

The TrumpHead Ransomware will change the infected computer's desktop image into an image that is comprised of a black screen with a white text overlaid on top after the victim's files have been encrypted. The text contains the following ransom demand for the victim:

'I'm sorry, you're computer has been
compromised by us. All your files are
encrypted now!
Look for the READ_THIS.html file on
your computer (it's everywhere) and
read all the instructions to decrypt
your files again.
Be sure not to RENAME or DELETE'

The TrumpHead Ransomware's ransom note also is contained in a text file named 'READ_THIS.txt,' which contains the following message for the victim:

'Hey there,
Were sorry to tell you that we•ve encrypted ALL your data and there is no other way to get it hack without paying us:
0.8 in BITCOINS to this address: [random characters]
Pay up before it's too late!
You've got IS hours to pay. If you have any questions, Just contact us on this email address:
To speed IS the process: Just send us the following computer id [random characters] send us your btc
payment, transaction ID a. we will send you all instruction how to get your data back.
We are serious people and will always deliver after payment. Be sure NOT to rename
or delete your files, shutdown your commuter or contact the law, otherwise it's gone forever!
We're the best. No one has ever seen such a hacker group as we are.'

Dealing with the TrumpHead Ransomware

Unfortunately, the TrumpHead Ransomware enciphers the files in a way that they cannot be recovered. Computer users shouldn't pay the TrumpHead Ransomware's ransom demand, which amounts to 3,000 USD approximately at the current Bitcoin exchange rate. Instead, it is important to have backup copies of all data. Having file backups ensures that the victims of the TrumpHead Ransomware attack can restore any files lost by replacing them with the backup copy after removing the TrumpHead Ransomware threat itself with the help of a security program that is fully up-to-date.


Most Viewed