Donald Trampo Ransomware Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 584
Category: Trojans

Donald Trampo Ransomware is a newly discovered ransomware-type computer infection set to enter your computer by stealth and encrypt many of your files. Therefore, removing it is highly recommended. However, it starts encrypting files upon infection so it is unlikely that you can get rid of it before the encryption. Currently, the algorithm used to encrypt the files is unknown but, in any case, a free decryption tool for it has yet to be developed. Paying the ransom, on the other hand, is not an option because you cannot trust the ransomware’s creators to keep their word and give you the decryption key once you have paid.

Our research has revealed that this new ransomware is disseminated via malicious spam emails that are sent from a dedicated server. The emails pose as legitimate but note that they do not have too much text in them. They come with an attached file, and the email text points the would-be victim to the attached file as they claim that all of the relevant information is inside the file. The file may be disguised as a PDF file. The file can be named as “invoice.pdf_____.exe” or something similar to that. The underscores are usually longer of course to obfuscate the real extension which is an executable file. If you open the attached file, then your PC will become infected immediately as the ransomware creates a copy of itself and drops it at %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.

The name of the dropped executable is a CLSID-based name. The sample tested on your test computer resulted in the ransomware having the name {F39SN97D-K73M-YLR9-1I59-YW9R799VKF}.exe. The name can vary, of course, as it is randomly generated. This file is created to prevent you from stopping the encryption, if you shut down the computer, the ransomware will continue the encryption once it is booted up again. However, if you boot your PC in Safe Mode before Donald Trampo Ransomware completes the encryption, you can delete it as the ransomware will not start in Safe Mode.

Donald Trampo Ransomware was set to encrypt files stored in %USERPROFILE% and its subfolders. It appends the encrypted files with a .SN-1350860109483654-webmafia@asia.com_donald@trampo.info file extension. The “SN-1350860109483654” part is probably a unique ID to identify the victim. The second part contains two email addresses, and you are expected to message one of them to receive further instructions on how to pay the ransom. Once the encryption is complete, Donald Trampo Ransomware deletes itself and leaves an image at %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup with the same name the malicious file had (e.g. F39SN97D-K73M-YLR9-1I59-YW9R799VKF}.bmp).

In closing, Donald Trampo Ransomware is a dangerous computer infection that can do irreparable damage to your PC. Its developer wants to extract money from you by offering a decryption key that you may or may not receive. Hence, ransomware developers are untrustworthy, so you may also lose a substantial sum of money. Also, the amount to be paid is not specified so it can vary with each unique case. We do not recommend risking paying the ransom. If you want to remove Donald Trampo Ransomware, then you can use the manual removal guide provided below, or you can download our featured anti-malware program — SpyHunter which is more than capable of eradicating this particular infection and protecting your PC from future cyber attacks.

How to delete this ransomware manually

  1. Delete the extracted/downloaded ransomware file from the Downloads folder.
  2. Press Windows+E keys.
  3. Type APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup in the address box of File Explorer and hit Enter.
  4. Delete the executable with the CLSID-based name (e.g. {F39SN97D-K73M-YLR9-1I59-YW9R799VKF}.exe)
  5. Then, delete the ransom note with the CLSID-based name (e.g. F39SN97D-K73M-YLR9-1I59-YW9R799VKF}.bmp)
  6. Empty the Recycle Bin.
Download Remover for Donald Trampo Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Donald Trampo Ransomware Screenshots:

Donald Trampo Ransomware

Reply

Your email address will not be published.

Name
Website
Comment

Enter the numbers in the box to the right *