.R5A File Extension
7ev3n Ransomware Encrypted File
3.8 | 4 Votes
What is an R5A file?
An R5A file is a file that has been encrypted by 7ev3n ransomware, which is malware distributed by cybercriminals. It contains a file, such as a .DOCX, .JPG, .PDF, or .ZIP file, that has been renamed and encrypted by the virus. R5A files can be decrypted for free using a decryption tool available on GitHub.
In 2016, some PC users reported that their computers had been infected by a new form of ransomware called 7ev3n. 7ev3n encrypts, renames, and moves a targeted variety of a user's files. It then shows the user a ransom note. The note includes instructions the user can follow to pay a ransom of 13 bitcoin and receive a private key that will allow them to decrypt their files.
Later in the year, an additional strain of 7ev3n, called 7ev3n-HONE$T, began infecting computers. 7ev3n-HONE$T asked users to pay only one bitcoin to decrypt their files, possibly because by this point, a helpful GitHub user named hasherezade had developed a free tool that could be used to decrypt R5A files.
Common R5A Filenames
1.r5a, 2.r5a, 3.r5a, etc. - The names given to files encrypted by 7ev3n ransomware. The files are numbered in the order they were encrypted.
How do I open an R5A file?
Developers and other advanced PC users may be able to recover the contents of encrypted R5A files using the R5A decrypter available in hasherezade's malware_analysis package on GitHub. The package requires Python.