Project57 Ransomware

Project57 Ransomware is an annoying infection that was first discovered a few months ago. This is not a very high profile infection, and it looks like it targets only Russian-speaking users. However, it doesn’t mean that it cannot affect users in other countries, too.

Getting infected with a ransomware program is a very stressful experience, but you should not lose hope. Although sometimes you might have to start building your file library from scratch, you should never give these criminals what they ask for because you would only encourage them to distribute more infections. Simply remove Project57 Ransomware from your computer today.

This is a rather peculiar ransomware infection because it will only work if certain requirements are met. Based on what our research team has told us, Project57 Ransomware will function if there is a PHP interpreted DLL called php5ts.dll. This is probably because this ransomware is compiled with a tool called Php2Exe. This tool is used to convert command-line PHP script into EXE format files. So this php5ts.dll file has to be in the same folder as the infection file for the ransomware to work. In other words, it is probably distributed along with the ransomware installer.

This ransomware may spread using all the usual ransomware distribution channels: spam emails, exploits, and other malware. For instance, it could be downloaded onto the target system by a Trojan infection that is already there on the system. Users might also accidentally launch Project57 Ransomware when they open a downloaded file from some email message.

This is one of the many reasons users should be really careful about the email messages they encounter every single day. If an email sounds urgent, and you do not recognize the sender, you should definitely think twice before opening the attached file. Even if you think that the file is very important, you should still scan it with a security tool before you open it. If the attached file happens to be dangerous, the security tool of your choice would inform you about it, and you would be able to avoid a malicious infection.

The peculiar thing about Project57 Ransomware is that it is not clear whether this program is a serious infection. Sure, it does encrypt the files, but the ransom note doesn’t indicate how much the program wants from you. It literally says “0 BTC” in the ransom note, although you are given an email address that you have to contact if you want to get your files back. It is very likely that this infection is still being tested, and the criminals would change the ransom amount in the note later on.

When Project57 Ransomware enters the target system, it goes on to encrypt files in the %USERPROFILE% directory and all of its subfolders. Basically, all the default user file folders (like Pictures, Music, Videos, etc.) get encrypted. If that’s where you keep most of your data, your files will be locked. Once the encryption process is complete, this program opens a window that contains the previously discussed ransom note on the left, and the list of encrypted files on the right. You can also find several random notes on your Desktop in HTML and TXT formats.

Project57 Ransomware doesn’t create a point of execution, so it makes it easier to delete the infection. Unfortunately, due to its low profile, a public decryption tool for this infection might not be available. However, if you have copies of your files saved someplace else, you can delete the encrypted data and then transfer the healthy copies back into your computer. There should also be other methods to restore your files, so please address a professional if you cannot think of anything.

As far as the removal of Project57 Ransomware is concerned, you can locate the malware installer file by search the php5ts.dll file. As mentioned, both files should be in the same location. You also need to kill malicious processes and then delete both files from your computer. If you do not want to deal with that on your own, you can always get yourself a legitimate security tool that would help you terminate Project57 Ransomware for good. Just do not let this ransomware control you.

How Remove Project57 Ransomware

1. Press Ctrl+Shift+Esc and open Task Manager.
2. Click the Processes tab and highlight suspicious processes.
3. Click the End Process button.
4. Run a system search for the php5ts.dll file.
5. When the file is located, open the file location.
6. Delete the php5ts.dll and the EXE file next to it.
7. Scan your system with SpyHunter.