Project57 ransomware (Removal Instructions) - Decryption Steps Included

Project57 virus Removal Guide

What is Project57 ransomware?

Project57 ransomware is a Russian cryptovirus that can be found on the internet as an open-source threat

Project57 ransomwareProject57 ransomware virus is a product from crypto-demanding cybercriminals who focus on locking your important files.

Project57 ransomware is a virus that uses the outdated Dephi+PHP encryption algorithm. These encryption methods[1] are not used often since there are a few newer algorithms but this cryptovirus is still a very dangerous threat because it encrypts users' files and demands ransom when the data gets locked. Since the virus is written in the Russian language, the ransom note called DECRYPT.txt is also written in the same language. However, it doesn't mean that the only target of this ransomware is Russia, it is possible that people all over the world get to encounter this malware on their device. This ransom message gets placed on the device after the file-locking process when your data gets marked using .[].костя баранин (.[].êîñòÿ áàðàíèí if your system doesn't have the right codepage installed) appendix. The ransom note displayed in the text file or HTML window with the same name states about the encryption and suggests to pay if you want to get your files back but we do not recommend doing so because cybercriminals cannot be trusted.

Name Project57 ransomware
Type Cryptovirus
Encryption algorithm Delphi/ SHA-256
File extension .[].костя баранин
Main executable Project57(1).exe
Language Russian
Preferred cryptocurrency Bitcoin
Removal Use FortectIntego for the best results if you want to completely remove Project57 ransomware

Project57 ransomware virus is a notorious cyber threat that can be found on the internet because it is an open-source malware that can be downloaded and used by various criminals online. The virus is developed to make targeted files unreadable and locked until the ransom is paid for the developers. Unfortunately, paying is not the best option because it can lead to permanent data or money loss without the decryption.[2]

The ransom note displayed by Project57 ransomware and file extension that goes at the end of every encrypted file are in Russian and it means that the main target is Russian-speaking PC users. However, this fact is not keeping the virus from spreading around the world and affecting various other countries and continents.

Project57 ransomware generates ransom note in a text file and HTML window, both of them are called DECRYPT and informs the victim about possible dangers and later steps. The DECRYPT.txt file displays the following:

Original text:

Файлы зашифрованы ,что делать?
К вашим файлам был потерян доступ и они больше не читаемы. Воу-воу постойте ка, они же зашифрованы, и они не читаются, но это можно исправить.
Что делать?
Для доступа к ним оплатите 0 биткойнов на кошелек который пришлем если Вы напишете нам: Не забудьте идентификатор: [VICTIM'S_ID]
Мы в любом сдучае не советуем вам обращатся в антивирусные компании в надежду на помощь. ОНИ ВАМ НИ С ЧЕМ НЕ ПОМОГУТ! Надеюсь ,мы все вам сказали ,удачи!

English translation:

Files are encrypted, what to do?
Access to your files has been lost and they are no longer readable. Wait, wait, wait, they are encrypted, and they are not read, but this can be fixed.
What to do?
To access them, pay 0 bitcoins to the wallet that you send if you write to us: Do not forget the ID: [VICTIM'S_ID]
We in any case do not advise you to contact antivirus companies in the hope of assistance. THEY DO NOT HELP YOU WITH ANYTHING! Hope we all told you good luck!

You need to remove Project57 ransomware as soon as possible and various researchers[3] note that the best solution is anti-malware tools like FortectIntego. Based on the detection rate[4], this is a persistent malware that can disable other security features or programs, so reboot your device in Safe Mode before the system scan.

After Project57 ransomware removal you should also double-check if there is any virus damage on the system or some alterations that can affect the performance of your PC. Added Windows registry keys or additional changes on the device may lead to severe damage that needs to be fixed after the initial virus termination if you want to use your device normally again.

Project57 virusProject57 ransomware is a cyber threat that uses Delphi encryption algorithm for this open-source malware.

Open-source ransomware as other crypto malware intruders distributed via spam email attachments

Spam campaigns often distribute malware and cyber threats, ransomware is not an exception because infected email attachments contain malicious installs of cryptovirus or trojans that are designed to infiltrate more dangerous threats further on the device.

If you ever receive an email with suspicious attachment in a form of ZIP, RAR, EXE format or even Microsoft Word, Excel and PDF document, be aware that there is a possibility of an infected attachment. The minute you open the file on your system which contains malicious macros direct ransomware code gets on the system and infiltrates the computer.

To avoid these incidents, you can focus on keeping your anti-malware tools up and running. Also, try scanning the downloaded file before opening. But the best tip is deleting unwanted emails with file attachments and avoiding questionable emails in the first place.

Terminate Project57 ransomware and fix virus damage before any other steps

The main thing people tend to focus on is the data decryption but the first thing you need to do when dealing with the notorious cyber threats like Project57 ransomware virus is malware elimination and system cleaning. These are the steps you should first take to make sure that the system is clear and data recovery can be safely performed.

To remove Project57 ransomware from the device completely, you should get professional anti-malware tools and scan the system thoroughly. This is the best way because programs like FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes scans the system fully and indicates what programs or files you need to delete immediately.

Follow the steps during the automatic Project57 ransomware removal and make sure to clean the system thoroughly be scanning the computer again. When you are sure that the machine is malware free you can plug in the external device with your backups or use other alternatives for data recovery.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Project57 virus. Follow these steps

Manual removal using Safe Mode

Reboot the PC in Safe Mode with Networking for better Project57 ransomware removal results:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Project57 using System Restore

System Restore feature can also help with the virus termination

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Project57. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Project57 removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Project57 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Project57, you can use several methods to restore them:

Since the file backups are not always there, you can employ Data Recovery Pro for file restoring

Data Recovery Pro can be used for file recovery after Project57 ransomware attack. Also, this method works for accidentally deleted data

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Project57 ransomware;
  • Restore them.

Windows Previous Versions feature can be used for data restoring

When System Restore is enabled, Windows Previous Versions can help to recover your encrypted or lost files

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer is another alternative for data backups

Shadow Volume Copies gives the opportunity to recover your files using ShadowExplorer

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption tool is not available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Project57 and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions