Proyecto X Ransomware

By GoldSparrow in Ransomware

The Proyecto X Ransomware is an encryption ransomware Trojan first observed on April 15, 2019. The Proyecto X Ransomware receives its name because it creates a PDB file named 'Proyecto X.pdb,' which points to the fact that the Proyecto X Ransomware is based on HiddenTear. HiddenTear is an open-source ransomware threat that was first observed in 2015 and has spawned countless ransomware variants, such as the Proyecto X Ransomware.

How the Proyecto X Ransomware Attacks a Machine

The Proyecto X Ransomware attack is typical of these threats, using AES and RSA encryption to make the victim's files inaccessible. The Proyecto X Ransomware does this to take the victim's files hostage, targeting user-generated files, which may include video files, images, numerous documents, databases and many others. The Proyecto X Ransomware encrypts the files and renames them by appending the file extension '.robinhood' to each file's name. The files that threats like the Proyecto X Ransomware and other HiddenTear variants target in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Once the Proyecto X Ransomware has encrypted the victim's files, it delivers a ransom note in the form of a text file in Spanish named 'LEEAME.txt' (Spanish for 'README.txt'). The Proyecto X Ransomware ransom note contains the following message:

':V Tus Archivos Han Sido Enciptados Por ROBIN HOOD COMMUNICATE xiaslow@yandex.com :V'

Below is a translation of the Proyecto X Ransomware's ransom note into English:

':V Your Files Have Been Encrypted By ROBIN HOOD COMMUNICATE xiaslow@yandex.com :V'

Protecting Your Data from Threats Like the Proyecto X Ransomware

If your data has been compromised by the Proyecto X Ransomware attack, malware researchers advise restoring it from a backup copy. This is why having file backups is the best protection against threats like the Proyecto X Ransomware. Unfortunately, it is currently not viable to decrypt the files compromised by these attacks without the decryption key, making backups the main way in which computer users can retain access to their data. It is not a good decision to contact the criminals responsible for the Proyecto X Ransomware attack or pay any ransom. Doing this will usually just put computer users at risk, increasing the likelihood of them becoming victims of additional attacks or targets of other tactics involving the Proyecto X Ransomware or other malware. A security program can be used to intercept the Proyecto X Ransomware, although it will not be useful in restoring any compromised files.
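
A triage sketch for the restore-from-backup step above, added here and not taken from the original article or any vendor tool: it walks a directory tree, lists the original names of files carrying the '.robinhood' suffix, and counts a 'LEEAME.txt' file as a ransom note only when it contains the 'ROBIN HOOD' phrase. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".robinhood"  # suffix appended to encrypted files (from the page)
NOTE_NAME = "leeame.txt"      # ransom note name (from the page), matched case-insensitively
NOTE_MARKER = "robin hood"    # phrase in the note text quoted on the page


def note_matches(path, max_bytes=4096):
    """True if the file's first bytes contain the note marker."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="replace")
    except OSError:
        return False  # unreadable: do not count it as a note
    return NOTE_MARKER in text.lower()


def triage(root):
    """Return (restore, notes): original file names per affected directory, and note paths."""
    restore, notes = defaultdict(list), []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # Strip the appended suffix to recover the name to look up in backups.
                restore[dirpath].append(name[: -len(ENCRYPTED_EXT)])
            elif name.lower() == NOTE_NAME and note_matches(full):
                notes.append(full)
    return dict(restore), sorted(notes)


def build_sample_tree(root):
    """Constructed sample data: one affected folder, one clean folder."""
    samples = {
        "docs/report.docx.robinhood": "x",
        "docs/budget.xlsx.robinhood": "x",
        "docs/LEEAME.txt": ":V Tus Archivos Han Sido Enciptados Por ROBIN HOOD :V",
        "clean/LEEAME.txt": "Instrucciones de instalacion",  # benign file, same name
        "clean/photo.jpg": "x",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The per-directory name lists can be compared against a backup catalogue to scope the restore; the file name alone is not treated as an indicator because 'LEEAME.txt' is also a common benign file name in Spanish-language software.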