Trump.exe; the fake ransomware that exploits the image of President Donald Trump

US President Donald Trump always resorts to the term ‘fake news’ to refer to news reports that are not favorable to him, and despite criticism for his constant attacks on the press, this time the term fits perfectly with the incidents reported by digital forensics specialists.

Recently, several cases of a fake Donald Trump themed ransomware have been reported; the operators of this campaign deliver a malicious file via email seeking to trick the victims by displaying a ransom note to make profits by decrypting files that were never actually encrypted.

When the alleged ransomware is installed on the victims’ computers (thanks to the trump.exe file), the hackers lock the targeted computer and display only an image of Trump, in addition to the ransom note feature on almost every ransomware infection.

The digital forensics experts at the malware research firm Cisco Talos Intelligence mention that they have accumulated multiple evidences about this fake ransomware. A report signed by Cisco expert Nick Biasini mentions: “The collected samples do not encrypt the victim’s data, or in some cases only partially and poorly do so. The main goal is to trick users into believing that their information has been locked or completely lost, which forces them to pay a ransom when their screen was just locked”.

A Putin Locker’s screenshot

In addition to the image of President Trump, the operators of this campaign are also using the image of Russian President Vladimir Putin to lock the screens of hundreds of victims and display a threatening message: “Your PC has been blocked by PuTiN malware “, or some similar message. In these attacks, the victims’ wallpaper is also modified, showing a pattern of burning skulls.

After completing its installation, this Putin-themed malware locks the victims’ screens, removes the icons from the desktop and the taskbar, in addition to the task manager. Victims are then shown the method to contact the hackers and set a ransom figure.

Although the research is still ongoing, digital forensics experts say these infections are likely to start through massive spam campaigns on social media and via email. “Potential victims are exposed to fake advertisements or emails related to the prevention of banking fraud; some of these messages are sent by supposed risk prevention executives from companies like Visa,” the experts mention.

A “Donald Trump Error” screenshot

A few months ago, multiple cases of infection with locker malware using Trump’s image (known as Donald Trump Error) were detected, although further details about its developers and goals are still unknown.

As digital forensics specialists from the International Institute for Cyber Security (IICS) mention, the proximity of the 2020 US presidential election makes it much more likely that technology users will become victims of Internet scams involving the use of political themes.