
TrumpHead Ransomware

Posted: January 17, 2019

The TrumpHead Ransomware is a revision of Hidden Tear, a file-locking Trojan 'demonstration' whose code is readily available to threat actors at large. Although the earliest versions of the TrumpHead Ransomware have no file-locking capabilities, users should assume that such attacks will be added as features at a later date. Having anti-malware solutions for uninstalling the TrumpHead Ransomware and backups for further recovery is essential after seeing symptoms of infection, such as changes to your wallpaper or pop-ups.

Hidden Tear's Presidential Revamp

A threat actor without any better resources than the 'free to all takers' Hidden Tear project is deploying a new version of that threat, the so-called TrumpHead Ransomware. Both the ransom message and the encryption are in an in-progress state, and the file-locking Trojan's capabilities are minimal at the moment. Should its updating continue, victims can expect to have their files locked or renamed, along with more cosmetic attacks, such as desktop hijackings.

The TrumpHead Ransomware isn't the first threat using a political theme; the anti-Israel Israbye Ransomware, the Kazakhstan-subverting Octopus Trojan, and the Angela Merkel Ransomware are all equally representative of this thematic subset of file-locking Trojans. The executable's name is the only reference the TrumpHead Ransomware makes to the current US president. Later changes could add aesthetic updates to the Trojan's pop-up ransom note, wallpaper or filename alterations.

The AES-based encryption feature of Hidden Tear's base code is currently inactive in the TrumpHead Ransomware. It does, however, have a new function for resetting the user's desktop background to a custom image (white-on-black text that redirects the victim to the ransom note). It also opens a text file with the threat actors' ransom demands for a decryption solution that could unlock any encrypted media automatically. The full release should display an HTML Web page for this note, but malware experts can only find versions of the TrumpHead Ransomware using Notepad TXTs.

How to Trump the World's Most Common Trojan

If its threat actor uses Hidden Tear's default encryption feature, the TrumpHead Ransomware could be decryptable with third-party utilities. However, other encryption schemes are just as easy to implement from a programming standpoint, and not all of them are reversible. Malware experts advise backing up your work to portable devices or other PCs in case of infection, whether or not the TrumpHead Ransomware becomes capable of deleting your Windows Restore Points.
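Why one file-locker is decryptable and another is not usually comes down to how the key is produced rather than the cipher itself. The added example below, written for this page and not code from Hidden Tear or the TrumpHead Ransomware, illustrates that point in the abstract: a key derived from a PRNG seeded with a timestamp can be recovered by trying every seed in the plausible infection window and checking the result against a known file header, whereas a key from the operating system's random source gives that search nothing to find. The timestamp-seeded key, the search window, the sample file and the SHA-256 counter-mode stream cipher (standing in for AES) are all assumptions constructed for the illustration.

```python
import hashlib
import os
import random

# Constructed sample: PDF files start with predictable bytes, which is the
# kind of known plaintext a decryption utility can test candidate keys against.
KNOWN_MAGIC = b"%PDF-1.4"
SAMPLE_FILE = KNOWN_MAGIC + b"\n% constructed sample document for the example\n"


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || counter). Stand-in for AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


decrypt = encrypt  # a stream cipher is symmetric


def weak_key(seed: int) -> bytes:
    """Hypothetical weak scheme: a 128-bit key from a PRNG seeded with a timestamp."""
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")


def strong_key() -> bytes:
    """Key from the OS random source: no seed exists for a search to recover."""
    return os.urandom(16)


def recover_seed(ciphertext: bytes, magic: bytes, start: int, end: int):
    """Try every seed in [start, end); return the one whose key reproduces the
    known header, or None when no seed in the window works."""
    for seed in range(start, end):
        if decrypt(weak_key(seed), ciphertext[: len(magic)]) == magic:
            return seed
    return None


def demo():
    """Returns (seed found for the weak key, seed found for the strong key,
    whether the weak-key file decrypts fully)."""
    infection_time = 1547700000  # constructed Unix timestamp in January 2019
    window = (infection_time - 1800, infection_time + 1800)  # +/- 30 minutes

    weak_ct = encrypt(weak_key(infection_time), SAMPLE_FILE)
    found = recover_seed(weak_ct, KNOWN_MAGIC, *window)
    fully_recovered = found is not None and decrypt(weak_key(found), weak_ct) == SAMPLE_FILE

    strong_ct = encrypt(strong_key(), SAMPLE_FILE)
    not_found = recover_seed(strong_ct, KNOWN_MAGIC, *window)

    return found, not_found, fully_recovered


if __name__ == "__main__":
    print(demo())  # (1547700000, None, True)
```

The search only needs a known header and a bounded window, which is why a decryption utility for a predictable-key Trojan can exist at all. Nothing about the search changes for the strong key; it simply never succeeds, which is the practical meaning of "not all of which are easily reversible" and the reason offline backups remain the only recovery that does not depend on the attacker's mistakes.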

Windows users can also protect their files by scanning their downloads, especially e-mail attachments and torrents, with appropriate security products, since both are much-exploited infection vectors for file-locking Trojans. Some threat actors prefer backdoor attacks against network-accessible systems, and proper firewall settings and secure logins can guard your local network against such efforts. Like most versions of Hidden Tear, the TrumpHead Ransomware should be easy for almost any anti-malware product to detect and remove.

The TrumpHead Ransomware may have more surprises for its victims than the current samples indicate to malware analysts. Whether its campaign grows much larger or remains a footnote in the complex history of Utku Sen's Hidden Tear and EDA2 projects remains for the future to decide.
