.R5A File Extension

.R5A File Extension

File Type

7ev3n Ransomware Encrypted File

Developer N/A
Popularity
3.8  |  4 Votes
Category Encoded Files
Format N/A

What is an R5A file?

An R5A file is a file that has been encrypted by 7ev3n ransomware, which is malware distributed by cybercriminals. It contains a file, such as a .DOCX, .JPG, .PDF, or .ZIP file, that has been renamed and encrypted by the virus. R5A files can be decrypted for free using a decryption tool available on GitHub.

More Information

In 2016, some PC users reported that their computers had been infected by a new form of ransomware called 7ev3n. 7ev3n encrypts, renames, and moves a targeted variety of a user's files. It then shows the user a ransom note. The note includes instructions the user can follow to pay a ransom of 13 bitcoin and receive a private key that will allow them to decrypt their files.

Later in the year, an additional strain of 7ev3n, called 7ev3n-HONE$T, began infecting computers. 7ev3n-HONE$T asked users to pay only one bitcoin to decrypt their files, possibly because by this point, a helpful GitHub user named hasherezade had developed a free tool that could be used to decrypt R5A files.

Common R5A Filenames

1.r5a, 2.r5a, 3.r5a, etc. - The names given to files encrypted by 7ev3n ransomware. The files are numbered in the order they were encrypted.

How do I open an R5A file?

Developers and other advanced PC users may be able to recover the contents of encrypted R5A files using the R5A decrypter available in hasherezade's malware_analysis package on GitHub. The package requires Python.

Open over 400 file formats with File Viewer Plus.Free Download

Programs that open R5A files

Updated September 21, 2020

Verified by FileInfo.com

The FileInfo.com team has independently researched the 7ev3n Ransomware Encrypted file format and Mac, Windows, and Linux apps listed on this page. Our goal is 100% accuracy and we only publish information about file types that we have verified.

If you would like to suggest any additions or updates to this page, please let us know.