7ev3n Ransomware Encrypted File
3.0 | 6 Votes
What is an R5A file?
An R5A file is a file that has been encrypted by 7ev3n ransomware, which is malware distributed by cybercriminals. It contains a file, such as a .DOCX, .JPG, .PDF, or .ZIP file, that has been renamed and encrypted by the virus. R5A files can be decrypted for free using a decryption tool available on GitHub.
In 2016, some PC users reported that their computers had been infected by a new form of ransomware called 7ev3n. 7ev3n encrypts, renames, and moves a targeted variety of a user's files. It then shows the user a ransom note. The note includes instructions the user can follow to pay a ransom of 13 Bitcoin and receive a private key that will allow them to decrypt their files.
Later in the year, an additional strain of 7ev3n, called 7ev3n-HONE$T, began infecting computers. 7ev3n-HONE$T asked users to pay only one Bitcoin to decrypt their files, possibly because by this point, a helpful GitHub user named hasherezade had developed a free tool that could be used to decrypt R5A files.
Common R5A Filenames
1.r5a, 2.r5a, 3.r5a, etc. - The names given to files encrypted by 7ev3n ransomware. The files are numbered in the order they were encrypted.
How to open an R5A file
Developers and other advanced PC users may be able to recover the contents of encrypted R5A files using the R5A decrypter available in hasherezade's malware_analysis package on GitHub. The package requires Python.
FileInfo.com recommends you never pay a ransom to decrypt files encrypted by ransomware. Paying a ransom encourages ransomware distributors to continue their efforts, and there is no guarantee that paying a ransom will give you access to your files. Instead, you should restore your data from a recent backup created before the ransomware infected your computer.