Yesterday, security researchers came across a new ransomware threat, named TrumpLocker after the email addresses the cyber criminals included in their ransom note. The ransomware uses an image of US president Donald Trump on its ransom note page, which is displayed on the victim's desktop screen. This article gives a brief report on its activity and characteristics, and explains how you can remove it from your system and stay safe from its attacks.
Initial inspection report on TrumpLocker Ransomware
The new TrumpLocker Ransomware is a vicious system threat that hackers have programmed to extort money from computer users worldwide. According to researchers, the cyber criminals developed a newer or upgraded version of the VenusLocker Ransomware, which was discovered on 4 August 2016; the upgraded version was launched on 23 December 2016. It has not been confirmed whether TrumpLocker is delivered by the same group of cyber crooks that designed VenusLocker, or whether someone else created a clone of VenusLocker, which would raise the question of how the VenusLocker source code was shared and copied.
TrumpLocker Ransomware: infection routine followed by the ransom threat
TrumpLocker Ransomware gets into a user's system when the user executes the file TrumpLocker.exe on their device. Not much is known about how it spreads, but according to experts it uses the same methods of distribution: spam emails from unknown senders that carry an attachment, malicious ads, dubious downloads such as drive-by downloads and freeware, exploit kits, and possibly other means.
Malicious tasks TrumpLocker Ransomware executes after intrusion on your computer
When TrumpLocker Ransomware runs on your system, it connects to its remote command-and-control (C&C) servers at the web address "https://3q27hfpradjovwyo.onion.cab/ran/gen.php?u=[computer-name]\[login-name]". Once the servers allow it, the ransomware encrypts the user's files, and after the encryption process completes successfully it leaves a ransom note on the victim's desktop screen.
If you are thinking of paying the ransom to recover your files, keep in mind that the hackers may or may not provide the decryption tool even after your payment. You should therefore use a credible anti-malware tool to remove TrumpLocker Ransomware and then restore your files from your backup.
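A proxy-log check for the C&C check-in described above, as an added example that is not part of the original article or the researchers' tooling. The log format, sample lines and field names are constructed assumptions; only the host and path come from the URL quoted in the article.

```python
from urllib.parse import urlsplit, parse_qs

# Host and path taken from the check-in URL quoted in the article.
C2_HOST = "3q27hfpradjovwyo.onion.cab"
C2_PATH = "/ran/gen.php"

# Constructed sample lines in an assumed format: time client method target status
SAMPLE_LOG = """\
2017-02-21T09:14:02 10.0.4.17 GET https://3q27hfpradjovwyo.onion.cab/ran/gen.php?u=FIN-PC07%5Cjsmith 200
2017-02-21T09:14:05 10.0.4.22 CONNECT 3q27hfpradjovwyo.onion.cab:443 200
2017-02-21T09:15:40 10.0.4.31 GET https://example.com/ran/gen.php?u=test 200
2017-02-21T09:16:11 10.0.4.17 GET https://www.example.org/index.html 200
"""

def classify(line):
    """Return a finding dict for one log line, or None if it is unrelated."""
    parts = line.split()
    if len(parts) != 5:
        return None
    when, client, method, target, _status = parts
    if method == "CONNECT":
        # Without TLS inspection the proxy only sees host:port, never the path.
        host, path, query = target.rsplit(":", 1)[0].lower(), "", ""
    else:
        url = urlsplit(target)
        host, path, query = (url.hostname or "").lower(), url.path, url.query
    if host != C2_HOST:
        return None
    finding = {"time": when, "client": client, "kind": "c2-host-contact",
               "computer": None, "login": None}
    u = parse_qs(query).get("u", [""])[0]
    if path == C2_PATH and u:
        # u carries computer-name\login-name; parse_qs has already URL-decoded it.
        computer, _, login = u.partition("\\")
        finding.update(kind="c2-checkin", computer=computer, login=login)
    return finding

def scan(log_text):
    """Return findings for every log line that touches the C&C host."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `c2-checkin` finding names the machine and account that reported in, which tells you which host to isolate first; a `c2-host-contact` finding means the proxy saw only the tunnel, so the client still needs checking.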