Severity scale:  

Remove Project57 ransomware (Removal Instructions) - Decryption Steps Included

removal by Lucia Danes - - | Type: Ransomware

Project57 ransomware is a Russian cryptovirus that can be found on the internet as an open-source threat

Project57 ransomware

Project57 ransomware is a virus that uses the outdated Dephi+PHP encryption algorithm. These encryption methods[1] are not used often since there are a few newer algorithms but this cryptovirus is still a very dangerous threat because it encrypts users' files and demands ransom when the data gets locked. Since the virus is written in the Russian language, the ransom note called DECRYPT.txt is also written in the same language. However, it doesn't mean that the only target of this ransomware is Russia, it is possible that people all over the world get to encounter this malware on their device. This ransom message gets placed on the device after the file-locking process when your data gets marked using .[].костя баранин (.[].êîñòÿ áàðàíèí if your system doesn't have the right codepage installed) appendix. The ransom note displayed in the text file or HTML window with the same name states about the encryption and suggests to pay if you want to get your files back but we do not recommend doing so because cybercriminals cannot be trusted. 

Name Project57 ransomware
Type Cryptovirus
Encryption algorithm Delphi/ SHA-256
File extension .[].костя баранин
Main executable Project57(1).exe
Language Russian
Preferred cryptocurrency Bitcoin
Removal Use Reimage Reimage Cleaner Intego for the best results if you want to completely remove Project57 ransomware

Project57 ransomware virus is a notorious cyber threat that can be found on the internet because it is an open-source malware that can be downloaded and used by various criminals online. The virus is developed to make targeted files unreadable and locked until the ransom is paid for the developers. Unfortunately, paying is not the best option because it can lead to permanent data or money loss without the decryption.[2]

The ransom note displayed by Project57 ransomware and file extension that goes at the end of every encrypted file are in Russian and it means that the main target is Russian-speaking PC users. However, this fact is not keeping the virus from spreading around the world and affecting various other countries and continents. 

Project57 ransomware generates ransom note in a text file and HTML window, both of them are called DECRYPT and informs the victim about possible dangers and later steps. The DECRYPT.txt file displays the following:

Original text:

Файлы зашифрованы ,что делать?
К вашим файлам был потерян доступ и они больше не читаемы. Воу-воу постойте ка, они же зашифрованы, и они не читаются, но это можно исправить.
Что делать?
Для доступа к ним оплатите 0 биткойнов на кошелек который пришлем если Вы напишете нам: Не забудьте идентификатор: [VICTIM'S_ID]
Мы в любом сдучае не советуем вам обращатся в антивирусные компании в надежду на помощь. ОНИ ВАМ НИ С ЧЕМ НЕ ПОМОГУТ! Надеюсь ,мы все вам сказали ,удачи!


English translation:

Files are encrypted, what to do?
Access to your files has been lost and they are no longer readable. Wait, wait, wait, they are encrypted, and they are not read, but this can be fixed.
What to do?
To access them, pay 0 bitcoins to the wallet that you send if you write to us: Do not forget the ID: [VICTIM'S_ID]
We in any case do not advise you to contact antivirus companies in the hope of assistance. THEY DO NOT HELP YOU WITH ANYTHING! Hope we all told you good luck!

You need to remove Project57 ransomware as soon as possible and various researchers[3] note that the best solution is anti-malware tools like Reimage Reimage Cleaner Intego. Based on the detection rate[4], this is a persistent malware that can disable other security features or programs, so reboot your device in Safe Mode before the system scan.

After Project57 ransomware removal you should also double-check if there is any virus damage on the system or some alterations that can affect the performance of your PC. Added Windows registry keys or additional changes on the device may lead to severe damage that needs to be fixed after the initial virus termination if you want to use your device normally again. 

Project57 virusProject57 ransomware is a cyber threat that uses Delphi encryption algorithm for this open-source malware.

Open-source ransomware as other crypto malware intruders distributed via spam email attachments

Spam campaigns often distribute malware and cyber threats, ransomware is not an exception because infected email attachments contain malicious installs of cryptovirus or trojans that are designed to infiltrate more dangerous threats further on the device.

If you ever receive an email with suspicious attachment in a form of ZIP, RAR, EXE format or even Microsoft Word, Excel and PDF document, be aware that there is a possibility of an infected attachment. The minute you open the file on your system which contains malicious macros direct ransomware code gets on the system and infiltrates the computer.

To avoid these incidents, you can focus on keeping your anti-malware tools up and running. Also, try scanning the downloaded file before opening. But the best tip is deleting unwanted emails with file attachments and avoiding questionable emails in the first place.

Terminate Project57 ransomware and fix virus damage before any other steps

The main thing people tend to focus on is the data decryption but the first thing you need to do when dealing with the notorious cyber threats like Project57 ransomware virus is malware elimination and system cleaning. These are the steps you should first take to make sure that the system is clear and data recovery can be safely performed.

To remove Project57 ransomware from the device completely, you should get professional anti-malware tools and scan the system thoroughly. This is the best way because programs like Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes scans the system fully and indicates what programs or files you need to delete immediately.

Follow the steps during the automatic Project57 ransomware removal and make sure to clean the system thoroughly be scanning the computer again. When you are sure that the machine is malware free you can plug in the external device with your backups or use other alternatives for data recovery.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Project57 virus, follow these steps:

Remove Project57 using Safe Mode with Networking

Reboot the PC in Safe Mode with Networking for better Project57 ransomware removal results:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Project57

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Project57 removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Project57 using System Restore

System Restore feature can also help with the virus termination

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Project57. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Project57 removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Project57 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Project57, you can use several methods to restore them:

Since the file backups are not always there, you can employ Data Recovery Pro for file restoring

Data Recovery Pro can be used for file recovery after Project57 ransomware attack. Also, this method works for accidentally deleted data

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Project57 ransomware;
  • Restore them.

Windows Previous Versions feature can be used for data restoring

When System Restore is enabled, Windows Previous Versions can help to recover your encrypted or lost files

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer is another alternative for data backups

Shadow Volume Copies gives the opportunity to recover your files using ShadowExplorer

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption tool is not available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Project57 and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions


Your opinion regarding Project57 ransomware