Trick-Or-Treat Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 2 |
| First Seen: | October 26, 2017 |
| Last Seen: | October 29, 2018 |
| OS(es) Affected: | Windows |
Encryption ransomware Trojans are designed to take the victims' files hostage, using a strong encryption algorithm to make the victim's files unreachable and then demanding a payment of a ransom so that a decryption application necessary to restore the affected files will be provided to the victim. There are numerous Trojans out there that do not encrypt the victim's files, but that do pretend to encrypt the victim's files to scare the victim or demand a ransom payment without carrying out a real attack. These low-level attacks range from what are pranks or threats created by amateurs to more severe threats. The Trick-Or-Treat Ransomware seems to be a prank, although at any moment the Trick-Or-Treat Ransomware could evolve into a threat that encrypts victim's files (since the con artists are always updating their threat creations, and the Trick-Or-Treat Ransomware may be one more ransomware Trojan that is not done).
There's no Trick on a Trick-Or-Treat Ransomware Infection
PC security researchers observed the Trick-Or-Treat Ransomware on October 23, 2017. It is possible that the Trick-Or-Treat Ransomware is being released as a prank to take advantage of the proximity of Halloween. The Trick-Or-Treat Ransomware is delivered to victims in the form of a corrupted spam email attachment. Once installed, the Trick-Or-Treat Ransomware runs as a 'WindowsFormsApplication3.exe,' which sounds like the name of a legitimate Windows service or file process. The Trick-Or-Treat Ransomware displays a program window that makes it seem as if the Trick-Or-Treat Ransomware has encrypted the victim's files. However, the Trick-Or-Treat Ransomware does not have the capability of encrypting the victim's files and is more similar to a screen locker. The Trick-Or-Treat Ransomware simply displays a program window that claims that the victim's files were encrypted, although they were not encrypted. In fact, it does not seem that the Trick-Or-Treat Ransomware is capable of doing much of anything besides displaying this program window. It is possible that the Trick-Or-Treat Ransomware is simply unfinished or that it is meant to be a prank. Either way, it is likely that some computer users may panic or believe the message. The Trick-Or-Treat Ransomware displays a program window on the infected computer with the following content:
'Trick Or Treat
Uh Oh! Your Files Have Been Encrypted.
By Trick Or Treat Ransomware!
[Decrypt My File's!|BUTTON]'
Besides this text, there is an image of a straw doll that seems to relate to the Trick-Or-Treat Ransomware's Halloween theme. It is possible that the people responsible for the Trick-Or-Treat Ransomware may release an update to the Trick-Or-Treat Ransomware closer to Halloween. It would not be particularly complicated for them to update the Trick-Or-Treat Ransomware to include an encryption algorithm to encrypt victim's files, in the same way as most encryption ransomware Trojans that are active do currently.
Dealing with the Trick-Or-Treat Ransomware
If the Trick-Or-Treat Ransomware has been installed on your computer, it can be removed easily with the help of a security product that is fully up-to-date. Fortunately, the Trick-Or-Treat Ransomware is not capable of encrypting the victims' data or carrying out any real attack on the victim's machine besides displaying a somewhat scary message. However, if your computer has become infected with the Trick-Or-Treat Ransomware, then it is likely that your machine is vulnerable to real encryption threat infections. It is therefore important to take the event of the Trick-Or-Treat Ransomware infection as an opportunity to improve your computer system's protections if you need to face a real encryption ransomware Trojan infection. The best protection against these threats is the use of a reliable backup method. Having backup copies of your files means that these files can be restored easily from the backup copy in case they become encrypted. A dedicated security product that is fully up-to-date can prevent threats (both the real kind and threats like the Trick-Or-Treat Ransomware) from entering your computer in the first place.
