Project57 Ransomware

Posted by Max Lehmann on February 1, 2019

What is Project57 Ransomware?

Project57 Ransomware is a rather unusual ransomware application since it is compiled while using a tool known as Php2Exe, which is why it can work only with the help of a specific .dll file that it creates right after entering the system. Another thing we find odd about it is it displays a ransom note providing a Bitcoin wallet address for transferring the money, but the message says the user should pay zero Bitcoins. It is difficult to say whether this is a mistake or intentional, as the malware could be still in development mode. In any case, what we recommend for users who encounter it is to restore the files encrypted by the malware with backup copies. Of course, it would be safest to remove Project57 Ransomware first, which is why at the end of the text you will instructions explaining how to get rid of it manually.testtest

Where does Project57 Ransomware come from?

The malicious application might come from untrustworthy file-sharing web pages or Spam emails. To put it simply, Project57 Ransomware’s launcher could be any recently downloaded email attachment or installer. Sometimes such threats are well disguised and to reveal their nature you have to inspect them with a legitimate antimalware tool. Also, in some cases, you can tell if the file might be malicious just by looking at it. For example, the suspicious attachment could be named picture.jpg, but its true extension might be .exe. Moreover, when receiving files via email, it is important to check the sender’s address and verify whether it is legitimate or forged. Plus, make sure you read the message the files come with carefully, as sometimes they include grammatical mistakes, make no sense, or contain other details raising suspicion.

How does Project57 Ransomware work?

The application should run from the directory where it was downloaded and launched. Additionally, it should create a particular file called php5ts.dll, as it cannot work without it. Later, Project57 Ransomware is supposed to start encrypting files available in the %USERPROFILE% subfolders. The enciphered files could be user’s photos, videos, documents, and other data that may have value to the user. The odd part is the malicious application shows a ransom note, which instructs to pay zero Bitcoins to the provided Bitcoin wallet. After making the payment, the hackers say the user should contact them via email to receive a decryption tool.

The same information is displayed not only on Project57 Ransomware’s window but also in other two ransom notes called DECRYPT.html and DECRYPT.txt. Needless to say, such behavior is extremely strange since usually, cybercriminals ask for at least some amount of money. In some cases, the sum depends on how fast the user contacts the malware’s developers and other times it is the same for everyone. It is possible the malicious application’s developers could yet ask for a ransom if victims contact them, but we would not recommend doing it, as there is a chance they might trick you.

How to erase Project57 Ransomware?

If you decide you do not want to contact the hackers we recommend erasing Project57 Ransomware with the steps located at the end of this paragraph or your chosen antimalware tool. If you pick the second option, make sure you pick a legitimate security tool you could trust, then scan the computer with it, and eliminate the ransomware application along with other possible threats by clicking the given removal button.

Eliminate Project57 Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat and right-click it.
  4. Press Open file location and wait till the tool launches a File Explorer window.
  5. Put this window aside, but do not close it and go back to the Task Manager.
  6. Select the malware’s process you located earlier and click End Task.
  7. Exit Task Manager.
  8. Take a look at the earlier opened File Explorer window.
  9. Find a malicious executable file; it should be titled the same as the threat’s process.
  10. Do not close the File Explorer window yet and search for php5ts.dll in the same folder.
  11. Right-click php5ts.dll and select Delete.
  12. Find the malicious application’s ransom notes in your Desktop folder (e.g., DECRYPT.txt)
  13. Right-click them and select Delete.
  14. Exit File Explorer.
  15. Empty your Recycle Bin.
  16. Restart the computer. 100% FREE spyware scan and
    tested removal of Project57 Ransomware*

Stop these Project57 Ransomware Processes:

Sample.exe
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *