
Project57 Ransomware

Posted: January 2, 2019

The Project57 Ransomware is a file-locking Trojan that encrypts digital media, such as documents, to keep other programs from opening them. This threat also displays pop-ups listing all of the blocked files and delivers ransom messages in two formats telling you to contact the threat actor's e-mail account. Users who can't restore from backups should contact PC security professionals for decryption help after having their anti-malware solutions delete or isolate the Project57 Ransomware.

More Problems for Russia than Just the Scarab Ransomware

Although the Scarab Ransomware is, by far, the most variable, numerous, and well-publicized group of file-locker Trojans explicitly targeting Russian victims, that nation's data is at risk from other Trojans as well. The Project57 Ransomware offers a sharply contrasting sample: a much smaller and less professional campaign that accomplishes similar ends without the same level of polish. While the Project57 Ransomware is neither a Ransomware-as-a-Service (RaaS) business nor a family unto itself, it locks your files no less effectively.

The Project57 Ransomware is Delphi-based, much like the RSAUtil Ransomware, the Extractor Ransomware, or the Cryptoboss Ransomware, but also includes PHP-based features in its payload. The Windows program runs the AES encryption for locking files of different media formats, such as PNG or JPG images, DOC or TXT documents, and additional content. Besides confirming the basic algorithm, malware researchers can't offer more analysis on its cryptography, and this file-locking conversion of data may or may not be reversible with a third-party decryption application.

This feature also appends a Russian extension onto the file names. Unlike some similar threats, malware experts see no cases of the Project57 Ransomware self-terminating if it's on an 'inappropriate' computer that doesn't have the Cyrillic script available. While most aspects of the Project57 Ransomware keep working in this circumstance, all Russian text displays as heavily-accented gibberish (such as 'êîñòÿ áàðàíèí' for the extension).
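The gibberish described above is consistent with Windows-1251 (Cyrillic) bytes displayed under a Western code page; that pairing is an assumption, not something the article states. The following added Python example (not from the article or any vendor tool) uses it to group affected file names under one extension whether or not the host renders Cyrillic; the file names are constructed and the function names are hypothetical.

```python
import unicodedata

# Assumption: the gibberish is cp1251 text shown as cp1252, so every Cyrillic
# letter appears as a character in U+00C0..U+00FF.
CYRILLIC = range(0x0400, 0x0500)
HIGH_LATIN = range(0x00C0, 0x0100)


def repair_extension(name):
    """Return (stem, extension) with a mojibake extension restored to Cyrillic.

    Returns None when the name has no extension, or when the extension is
    neither Cyrillic nor Cyrillic rendered as Western accented characters.
    """
    stem, dot, ext = name.rpartition(".")
    ext = unicodedata.normalize("NFC", ext)  # some file systems store decomposed names
    letters = [c for c in ext if not c.isspace()]
    if not dot or not letters:
        return None
    if all(ord(c) in CYRILLIC for c in letters):
        return stem, ext  # host already displays the extension correctly
    if not all(ord(c) in HIGH_LATIN for c in letters):
        return None  # ordinary extension such as "docx"
    # U+00C0..U+00FF map one-to-one to bytes 0xC0..0xFF, which cp1251 reads as Cyrillic.
    return stem, ext.encode("cp1252").decode("cp1251")


def inventory(names):
    """Group file names by their repaired Cyrillic extension."""
    groups = {}
    for name in names:
        hit = repair_extension(name)
        if hit:
            groups.setdefault(hit[1], []).append(name)
    return groups


SAMPLE = [  # constructed listing: one host without Cyrillic support, one with
    "report.doc.êîñòÿ áàðàíèí",
    "photo.png.костя баранин",
    "résumé.docx",
    "notes.txt",
]

if __name__ == "__main__":
    for ext, files in inventory(SAMPLE).items():
        print(ext, files)
```

The check is a heuristic on the extension only, so legitimately accented Western file names such as the `résumé.docx` sample are left alone.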

Ending a Project without a Good Outcome

Russian Windows users who fall victim to the Project57 Ransomware's attacks receive a Notepad file, an HTML page, and a pop-up, which both identify the blocked work and present the author's ransom demands. Although there is no information available on the size of the ransom, many ransom payments for decryption help fail to produce the desired data recovery. A better option is to have a backup on a secure device, which keeps your media from falling into a potentially irreversible state.

The Project57 Ransomware's campaign is too young for malware experts to estimate its future infection vectors. File-locker Trojans may hide inside spam e-mail attachments or Web links, use malvertising-distributed exploit kits for downloading themselves through your browser, or even be run after a criminal brute-forces the login of your server. One out of two anti-malware products deletes the Project57 Ransomware appropriately as a threat, and users wishing to improve these rates should update their security software and provide samples, when available, to the cyber-security industry.

The Project57 Ransomware may be acting against PC owners in Russia, but its author uses language that's inconsistent with his being a native speaker. Since there's little telling where the Project57 Ransomware may end up next, everyone, no matter what their nationality, should be taking care of their files.
