
Project57 Ransomware

By GoldSparrow in Ransomware

The Project57 Ransomware is a file-encoding Trojan that was reported on December 28th, 2018. It behaves like most threats in its malware class. The Project57 Ransomware is delivered through spam emails that direct users to open a corrupted document; the program is installed by a macro script that runs in the background, so users are unlikely to notice anything wrong until it is already too late. The Project57 Ransomware is known to apply a custom AES cipher to text, photos, databases, audio and video found on infected devices. It runs on the latest versions of Windows and issues commands through the Command Line tool so that data cannot be recovered with the native recovery features of Windows.

The affected files receive the '.[ti_kozel@lashbania.tv].костя баранин' extension. The file marker contains Cyrillic characters that your version of Windows may not display correctly. For example, 'Elafonissi Beach—Greece.jpeg' is renamed to 'Elafonissi Beach—Greece.jpeg.[ti_kozel@lashbania.tv].костя баранин.' The Project57 Ransomware is observed to open a program window titled 'abakaniya@kozel.tv.' However, the contact listed by the threat authors is 'ti_kozel@lashbania.tv,' and the Project57 Ransomware may be the first threat to come from a new Ransomware-as-a-Service platform. The ransom window lists the paths of the encrypted files and shows the following text (translated version):

'Files are encrypted, what to do?
Access to your files has been obstructed, and they are no longer readable. Wait, wait, wait, they are encrypted, and they are not readable, but this can be fixed.
What to do?
To access them, pay 0 bitcoins to the wallet that you will receive if you write to us: ti_kozel@lashbania.tv.
Don't forget the ID: [random characters]
Information
We, in any case, do not advise you to contact antivirus companies in the hope of assistance. THEY DO NOT HELP YOU WITH ANYTHING!'
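The renaming pattern described above (original name kept intact, marker appended) is the most reliable on-disk indicator an incident responder has for this family. The following triage script is an added example, not code from the threat database or from the malware authors: it scans a file listing for the marker quoted on the page, recovers the pre-encryption name so the original file types can be counted, and treats a file whose whole name is just the marker as not renamed. The sample listing and the `C:/...` paths in it are constructed for the example; no decryption is attempted.

```python
import os
import unicodedata
from collections import Counter
from pathlib import PurePath
from typing import Dict, Iterable, List, Optional, Tuple

# Marker appended by Project57 to every encrypted file, as reported on the page:
# the contact e-mail in brackets followed by a Cyrillic suffix.
PROJECT57_MARKER = ".[ti_kozel@lashbania.tv].костя баранин"


def original_name(filename: str) -> Optional[str]:
    """Return the pre-encryption file name if `filename` ends with the marker, else None.

    Both strings are NFC-normalised first, so a name that reached the analyst with
    letters stored as base letter + combining mark still matches the precomposed marker.
    """
    name = unicodedata.normalize("NFC", filename)
    marker = unicodedata.normalize("NFC", PROJECT57_MARKER)
    # A name equal to the marker alone carries no original name, so it is not a hit.
    if len(name) > len(marker) and name.endswith(marker):
        return name[: -len(marker)]
    return None


def scan_paths(paths: Iterable[str]) -> Dict[str, object]:
    """Triage a list of file paths: list each encrypted file with its original name and
    count the original extensions, which shows which data types the run actually touched."""
    hits: List[Tuple[str, str]] = []
    by_ext: Counter = Counter()
    for p in paths:
        orig = original_name(PurePath(p).name)
        if orig is None:
            continue
        hits.append((p, orig))
        by_ext[PurePath(orig).suffix.lower() or "<none>"] += 1
    return {"encrypted": hits, "by_extension": by_ext}


def scan_tree(root: str) -> Dict[str, object]:
    """Walk a directory tree on disk and run scan_paths over every file found."""
    found = (
        os.path.join(dirpath, f)
        for dirpath, _dirs, files in os.walk(root)
        for f in files
    )
    return scan_paths(found)


# Constructed sample listing (paths are invented; only the marker comes from the page).
SAMPLE_LISTING = [
    "C:/Users/alice/Pictures/Elafonissi Beach—Greece.jpeg" + PROJECT57_MARKER,
    "C:/Users/alice/Documents/budget.xlsx" + PROJECT57_MARKER,
    "C:/Users/alice/Documents/notes.txt",          # untouched file
    "C:/Data/app/db.sqlite" + PROJECT57_MARKER,
    "C:/Users/alice/Desktop/" + PROJECT57_MARKER,  # name is the bare marker: not a hit
]

if __name__ == "__main__":
    report = scan_paths(SAMPLE_LISTING)
    for path, orig in report["encrypted"]:
        print(f"{path}\n    original: {orig}")
    print("by original extension:", dict(report["by_extension"]))
```

Run it against a mounted image of the affected volume with `scan_tree("/mnt/evidence")`; the extension counter is a quick way to check whether the encryption run reached databases and media, as the page reports, or stopped at user documents.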

It is speculated that the Project57 Ransomware is made by Russian-speaking threat actors, given the attack markers mentioned above, although it is not uncommon for threat developers to launch false-flag attacks to mislead AV companies and law enforcement agencies. PC users may have trouble closing the 'abakaniya@kozel.tv' window, judging by user reports that their desktops become unresponsive after infection with the Project57 Ransomware. You may need to seek help from a computer technician, and it is recommended that you avoid writing to 'abakaniya@kozel.tv' or 'ti_kozel@lashbania.tv.' Computer security researchers advise users to back up their data as often as possible and to use reliable spam filters. Removing the Project57 Ransomware should not be difficult with a credible anti-malware utility. Detection names for the Project57 Ransomware include:

HEUR/QVM05.1.235D.Malware.Gen
Malware.Undefined!8.C (CLOUD)
Trojan.PHP!+jCDCWOmXuM
Trojan.Win32.Generic.pak!cobra
Trojan.Winlock.PHP
W32/A-653ff890!Eldorado
Win.Trojan.Agent-1109381
Win32.Troj.LockScreen.A.(kcloud)
