EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
|Threat Level:|80% (High)|
|First Seen:|March 15, 2017|
|Last Seen:|September 9, 2022|
The Project34 Ransomware is a ransomware Trojan. Like other encryption ransomware infections, the Project34 Ransomware is designed to make the victims' files inaccessible. To do this, the Project34 Ransomware encrypts them using a strong encryption algorithm. Then, the victim is asked to pay a large ransom to recover the affected files.
By Opening E-Mail Attachments PC Users may Get the Project34 Ransomware
PC security researchers first received reports of the Project34 Ransomware infections on March 13, 2017. The Project34 Ransomware is designed to attack computers using the Windows operating system. The Project34 Ransomware attacks seem to be centered in Asia, particularly in Central Asia and Russian-speaking countries. The countries where the Project34 Ransomware attacks have been reported include Russia, Kazakhstan, Ukraine, Iran, Uzbekistan, Kyrgyzstan and Azerbaijan. The Project34 Ransomware may be delivered through spam emails whose attachments claim to be a bill. The Project34 Ransomware distribution may also leverage social media websites such as Vkontakte and Odnoklassniki. To prevent the Project34 Ransomware and similar threats from being installed, computer users should refrain from opening unsolicited email attachments and should block the automatic execution of scripts in their software.
How the Project34 Ransomware Attack is Carried Out
The Project34 Ransomware receives its name because the email address firstname.lastname@example.org is used to carry out payments and communications with victims. The Project34 Ransomware targets a wide variety of file types in its attack, including images, media files, and documents created by a variety of applications, and encrypts them using a strong encryption algorithm. The Project34 Ransomware may be associated with an executable file named WindowsUpdate.exe, and during its attack it will drop a file named ПАРОЛЬ.txt (PASSWORD.txt) on the infected computer's desktop. The Project34 Ransomware also encrypts its communications with its Command and Control servers. The files that are compromised during the Project34 Ransomware attack will have their names altered: the Project34 Ransomware's associated email address is added to each affected file's name as a prefix. Once the Project34 Ransomware encrypts a file, it will no longer be readable without the decryption key. The text file dropped by the Project34 Ransomware contains the following text (originally in Russian, translated here into English):
'YOUR FILES ARE PLACED UNDER A PASSWORD
TO GET THE PASSWORD
WRITE US ON email@example.com
WE WILL RESPOND TO YOU WITHIN 20 HOURS
IN A MESSAGE, SPECIFY YOUR IP ADDRESS
IT IS POSSIBLE TO FIND IT VIA 2IP.RU'
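The file-name indicators described above (the ПАРОЛЬ.txt note, the WindowsUpdate.exe name, and files renamed with an email address as a prefix) can be checked for during triage of a user profile or a mounted disk image. The following Python sketch is an added example, not code from EnigmaSoft or from the threat itself; the email-like prefix pattern, the `min_prefixed` threshold and the sample tree with its `placeholder@example.invalid` address are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

NOTE_NAME = "ПАРОЛЬ.txt"            # ransom note name given on the page
DROPPER_NAME = "WindowsUpdate.exe"  # executable name given on the page
# Assumption: a renamed file starts with an email-like token; the page does
# not give the exact separator or layout of the prefix.
EMAIL_PREFIX = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def scan(root, min_prefixed=3):
    """Walk root and return name-based indicator hits described on the page."""
    hits = {"note": [], "dropper": [], "prefixed": []}
    per_dir = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.casefold() == NOTE_NAME.casefold():
                hits["note"].append(path)
            elif name.casefold() == DROPPER_NAME.casefold():
                hits["dropper"].append(path)
            elif EMAIL_PREFIX.match(name):
                hits["prefixed"].append(path)
                per_dir[dirpath] += 1
    # One email-like file name is weak evidence; several in one folder is stronger.
    hits["renamed_dirs"] = sorted(d for d, n in per_dir.items() if n >= min_prefixed)
    return hits

def build_sample_tree(root):
    """Constructed sample data: empty files only, no real malware artefacts."""
    desktop = os.path.join(root, "Users", "alice", "Desktop")
    docs = os.path.join(root, "Users", "alice", "Documents")
    os.makedirs(desktop)
    os.makedirs(docs)
    names = {desktop: [NOTE_NAME, "notes.txt"],
             docs: ["placeholder@example.invalid" + n for n in ("a.docx", "b.jpg", "c.xlsx")]
                   + ["report.pdf"]}
    for folder, files in names.items():
        for f in files:
            open(os.path.join(folder, f), "w").close()
    return desktop, docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in scan(tmp).items():
            print(kind, len(paths))
```

A name match on its own is only a lead for review; a folder listed under `renamed_dirs` together with a note hit is the combination the description above points to.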
Dealing with the Project34 Ransomware Infection
The Project34 Ransomware uses a strong encryption algorithm that has been associated with other threats, such as Locky. Unfortunately, this means that the files encrypted with the Project34 Ransomware cannot be deciphered without the decryption key that is generated during the attack (which the con artists hold in their possession). It is likely that the Project34 Ransomware is associated with the RozaLocker and another family of ransomware Trojans that target computer users in that region. The Project34 Ransomware may ask for a ransom payment of 35,650 Rubles (600 USD/564 EUR) if it follows the same approach as similar threats being used in associated attacks. PC security researchers strongly advise computer users to refrain from paying the Project34 Ransomware ransom. In most cases, the people responsible for the attack will not keep their word and deliver the decryption key; instead, they will keep the ransom payment for themselves or even ask for more money from the victim. Apart from this, paying the Project34 Ransomware ransom allows the people responsible for the attack to continue creating these threats and infecting new computers. Instead of paying the Project34 Ransomware ransom, ensure that your computer is adequately protected against these attacks. The best protection against the Project34 Ransomware and similar infections requires having backup copies of all files.