
Locker file talk? Trump ransomware found to be fraud

Bleeping Computer researchers uncovered more news dealing with President Trump and lockers; however, while it doesn't involve bathroom legislation or unwanted advances, it does involve the "cyber."

Dubbed Trump Locker Ransomware, the variant poses in a presidential fashion but turned out to be an imitation of an earlier variant, according to a Feb. 22 post.

The malware features an image of the nation's 45th president over the words “YOU ARE HACKED” yet shares similarities with the VenusLocker ransomware, including the same encryption methods and nearly identical payment screens.

Researchers spotted the VenusLocker family in August 2016 and noted the malware received an update in December 2016. Both ransomware variants fully encrypt some files while only partially encrypting other files.

The ransomware variants also share an identical folder exclusion list, a list of words the ransomware checks folder names against in order to skip encrypting files in certain directory paths.

It is unclear whether both ransomware variants are being distributed by the same threat actors or whether the Trump Locker ransomware was created by reverse engineering the VenusLocker source code, researchers said in the post.

The Trump-themed ransomware demands a payment of $165 worth of Bitcoin, and victims are instructed to email the threat actors at a Trump-themed email address. The malware also features a character sporting a “Guy Fawkes” mask made popular by Anonymous, although researchers made no claims of a connection between the threat actors and the hacktivist group.

 
