[ Project Ransomware ]
[Virus/Malware Activity Report: Project Ransomware]
A security incident believed to involve Project ransomware has occurred,
so we are confirming the situation and issuing the following warning.
Project ransomware
The ransomware is called Project, and it appears to rename all files to the form <file name.extension.projectgd>.
How it works
File version
[Figure 1 Ransomware executable file compiler information]
[Figure 2 File information in window properties]
Ransomware operation characteristics
It is a C# .NET-based ransomware of the Chaos family. The executable copies itself and is re-executed from the Roaming folder as svchost.exe, performs a duplicate-execution check, and creates a link (shortcut) file in the Startup programs folder. Encryption is then performed after it deletes shadow copies and the backup catalog (server) and disables the Windows recovery and error notification functions.
[Figure 3 Checking shadow copies during dynamic operation]
[Figure 4 GUI window creation during dynamic execution]
Infection results
A guide file (ransom note) named <README.txt> is created in each folder, and each encrypted file is renamed to <file name.extension.projectgd>.
[Figure 5 Infection results]
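The behaviours listed above can be turned into endpoint detection rules. The following is an added example, not code from the original report or from White Defender: it classifies process and file-creation events and groups the matched rules per host. The event field names, the sample telemetry, and the exact command-line patterns are assumptions, since the report names the actions but not the commands used.

```python
import re
from ntpath import normpath

# Command patterns are assumptions: the report names the actions (shadow copy
# and backup catalog deletion, recovery disabled), not the exact command lines.
TAMPER = [
    ("shadow_copy_delete", r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"),
    ("backup_catalog_delete", r"wbadmin(\.exe)?\s+delete\s+catalog"),
    ("recovery_disabled", r"bcdedit.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)"),
]
TAMPER = [(name, re.compile(rx, re.I)) for name, rx in TAMPER]
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
STARTUP_DIR = "\\start menu\\programs\\startup\\"

def classify(event):
    """Return the rule names matched by one process or file-creation event."""
    path = normpath(event.get("path", "")).lower()
    hits = []
    if event["type"] == "process":
        # Genuine svchost.exe only runs from the Windows system directories.
        if path.endswith("\\svchost.exe") and not any(d in path for d in SYSTEM_DIRS):
            hits.append("svchost_outside_system_dir")
        hits += [n for n, rx in TAMPER if rx.search(event.get("cmdline", ""))]
    elif event["type"] == "file_create":
        if path.endswith(".projectgd"):
            hits.append("projectgd_extension")
        if STARTUP_DIR in path and path.endswith(".lnk"):
            hits.append("startup_link_created")
    return hits

def triage(events):
    """Map each host with at least one hit to its sorted list of matched rules."""
    per_host = {}
    for ev in events:
        hits = classify(ev)
        if hits:
            per_host.setdefault(ev["host"], set()).update(hits)
    return {host: sorted(h) for host, h in per_host.items()}

# Constructed sample telemetry (not taken from the report).
SAMPLE = [
    {"host": "WS01", "type": "process", "path": r"C:\Users\alice\AppData\Roaming\svchost.exe", "cmdline": ""},
    {"host": "WS01", "type": "process", "path": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"host": "WS01", "type": "process", "path": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c wbadmin delete catalog -quiet"},
    {"host": "WS01", "type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk"},
    {"host": "WS01", "type": "file_create", "path": r"C:\Users\alice\Documents\report.docx.projectgd"},
    {"host": "WS02", "type": "process", "path": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "WS02", "type": "process", "path": r"C:\Windows\System32\vssadmin.exe", "cmdline": "vssadmin list shadows"},
]
```

A host that matches the recovery-tampering rules together with the svchost.exe path rule is worth isolating before the `.projectgd` rule fires, because by then encryption is already under way.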
White Defender compatible
White Defender blocks the ransomware's malicious actions and supports real-time automatic restoration of the files that would otherwise be encrypted before the block takes effect.
[Figure 6 Block message]