Threat Database Ransomware Project34 Ransomware

Project34 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 15,768
Threat Level: 80 % (High)
Infected Computers: 146
First Seen: March 15, 2017
Last Seen: September 9, 2022
OS(es) Affected: Windows

The Project34 Ransomware is a ransomware Trojan. Like other encryption ransomware infections, the Project34 Ransomware is designed to make the victims' files inaccessible. To do this, the Project34 Ransomware encrypts them using a strong encryption algorithm. Then, the victim is asked to pay a large ransom to recover the affected files.

By Opening E-Mail Attachments PC Users may Get the Project34 Ransomware

PC security researchers first received reports of the Project34 Ransomware infections on March 13, 2017. The Project34 Ransomware is designed to attack computers using the Windows operating system. The Project34 Ransomware attacks seem to be centered in Asia, particularly in Central Asia and Russian-speaking countries. The countries where the Project34 Ransomware attacks have been reported include Russia, Kazakhstan, Ukraine, Iran, Uzbekistan, Kyrgyzstan and Azerbaijan. The Project34 Ransomware may be delivered through spam email attachments claiming to include a bill in their attachments. The Project34 Ransomware distribution also may leverage social media websites such as Vkontakte and Onoklassniki in its attack. Computer users should refrain from opening unsolicited email attachments and block the automatic execution of scripts on their software to prevent the Project34 Ransomware and similar threats from being installed.

How the Project34 Ransomware Attack is Carried Out

The Project34 Ransomware receives its name because the email address project34@india.com is used to carry out payments and communications with victims. The Project34 Ransomware targets a wide variety of file types in its attack, encrypting them by using a strong encryption algorithm. The Project34 Ransomware will encrypt files such as images, media files, and documents created by a variety of applications. The Project34 Ransomware may be associated with an executable file named WindowsUpdate.exe and during its attack it will drop a file named ПАРОЛЬ.txt (PASSWORD.txt) on the infected computer's desktop. The Project34 Ransomware uses a strong encryption method and encrypts its communications with its Command and Control servers. The files that become compromised during the Project34 Ransomware attack will have their names altered, with the Project34 Ransomware's associated email address appended to each affected file's name as a prefix. Once the Project34 Ransomware encrypts a file, it will no longer be readable without the decryption key. The text file dropped by the Project34 Ransomware contains the following text (originally in Russian, translated here into English):

'YOUR FILES ARE PLACED UNDER A PASSWORD
TO GET THE PASSWORD
WRITE US ON project34@india.com
WE WILL RESPOND TO YOU WITHIN 20 HOURS
IN A MESSAGE, SPECIFY YOUR IP ADDRESS
IT IS POSSIBLE TO FIND IT VIA 2IP.RU'

Dealing with the Project34 Ransomware Infection

The Project34 Ransomware uses a strong encryption algorithm that has been associated with other threats, such as Locky. Unfortunately, this means that the files encrypted with the Project34 Ransomware cannot be deciphered without the decryption key that is generated during the attack (which the con artists hold in their possession). It is likely that the Project34 Ransomware is associated with the RozaLocker and another family of ransomware Trojans that target computer users in that region. The Project34 Ransomware may ask for a ransom payment of 35,650 Rubles (600 USD/564 EUR) if it follows the same approach as similar threats being used in associated attacks. PC security researchers strongly advise computer users to refrain from paying the Project34 Ransomware ransom. In most cases, the people responsible for the attack will not keep their word and deliver the decryption key; instead, they will keep the ransom payment for themselves or even ask for more money from the victim. Apart from this, paying the Project34 Ransomware ransom allows the people responsible for the attack to continue creating these threats and infecting new computers. Instead of paying the Project34 Ransomware ransom, ensure that your computer is protected against these attacks adequately. The best protection against the Project34 Ransomware and similar infections requires having backup copies of all files.

Trending

Most Viewed

Loading...