The Project34 Ransomware
The Project34 Ransomware is a crypto-Trojan that probably originates from Russia and is meant to target users who reside in countries where Russian is the primary language. This is the most likely reason why the Project34 Ransomware’s ransom message is written entirely in Russian, and why the author has not bothered to include a translation into any other language. Although the ransom note is in a foreign language, it is short enough that most people would be able to understand it with the help of a translation service. The translated ransom message states that the user’s files have been locked and that the only way to recover them is to contact the attacker by sending an e-mail to [email protected] and including the computer’s IP address in the message.
The [email protected] address is featured not only in the ransom note but also in the name of every file that the Project34 Ransomware manages to lock. Unlike most crypto-threats, such as the Cerber Ransomware or the ‘.locky File Extension’ Ransomware, the Project34 Ransomware does not append an extension to the end of the file name. Instead, it adds the string ‘[email protected]’ at the beginning of the file’s name (e.g. ‘file.png’ will be renamed to ‘[email protected]’). This makes it easy for victims of this threat to identify which of their files have been locked and to determine how much damage the Project34 Ransomware was able to cause.
The peculiar thing is that the Project34 Ransomware does not use an encryption algorithm. Instead, it relies on a simpler technique that involves a fake ‘WindowsUpdate.exe’ file that launches WinRar and packs many of the user’s files into password-protected archives.
Apart from the ransom message being written in Russian, the file that stores the message also bears a Russian name – ‘пароль.txt’ (translates to ‘password.txt’). Although a ransom payment is not mentioned in the note, it is certain that the goal of the Project34 Ransomware’s author is to extort victims by promising to provide them with a password in exchange for some money. Ransomware operators often prefer to use Bitcoins for payments, but it is not unlikely for Russian cyber crooks to rely on some other payment techniques as well. If you suspect that your files were locked by the Project34 Ransomware, you should know that contacting the authors and fulfilling their demands is not guaranteed to get you out of the situation you are in.
Due to the Project34 Ransomware’s low infection rate, there’s no way to tell whether the archive password can be recovered for free. However, this does not mean that paying the ransom is the correct way to approach the issue, and we advise victims of this threat to do the opposite – refrain from contacting the attacker and take the matter into their own hands. Recovering from the Project34 Ransomware’s attack should start with running an anti-malware scanner that will eradicate the crypto-threat’s files. The locked files should be preserved since they’ll come in handy if a free decryption tool gets released.
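
To help preserve the locked files, the following read-only triage sketch inventories the indicators described above (an added example, not part of the original article or of any vendor tool). It lists copies of the ‘пароль.txt’ note and files carrying the name prefix, and checks each prefixed file for a RAR signature; the prefix `PLACEHOLDER_` stands in for the address that is redacted on this page, and treating every prefixed file as a WinRar archive is an assumption.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "пароль.txt"  # ransom note file name given in the article
# File signatures of RAR 1.5-4.x and RAR 5.x archives
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")


def is_rar(path):
    """True if the file starts with a RAR signature."""
    with open(path, "rb") as fh:
        return fh.read(8).startswith(RAR_MAGICS)


def inventory(root, marker_prefix):
    """Read-only walk of root; nothing is renamed, modified or deleted."""
    report = {"notes": [], "locked": [], "prefixed_not_rar": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.casefold() == NOTE_NAME:
                report["notes"].append(path)
            elif name.startswith(marker_prefix):
                try:
                    key = "locked" if is_rar(path) else "prefixed_not_rar"
                except OSError:
                    key = "unreadable"  # permission or I/O error: record, keep going
                report[key].append(path)
    return report


if __name__ == "__main__":
    # Constructed sample tree; PLACEHOLDER_ stands in for the redacted address.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "PLACEHOLDER_file.png").write_bytes(RAR_MAGICS[1] + b"\x00" * 16)
        (root / "PLACEHOLDER_notes.txt").write_bytes(b"plain text")
        (root / NOTE_NAME).write_text("constructed note", encoding="utf-8")
        for key, paths in inventory(root, "PLACEHOLDER_").items():
            print(key, sorted(p.name for p in paths))
```

Files that carry the prefix but lack a RAR signature land in `prefixed_not_rar` and are worth a manual look before any cleanup.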