7ev3n ransomware is a nasty strain that encrypts your data and demands 13 bitcoins (almost $5,000) to decrypt your files, which is the largest ransom we've seen to date. In addition to the large ransom demand, 7ev3n really ruins Windows when it's installed. It changes several system settings and boot options so that keyboard keys and system recovery options are disabled on the computer, making it impossible to get past the lock screen. Here's what the ransom note looks like:

7ev3n Ransom Note

When this ransomware is installed it also installs numerous files in the %LocalAppData% folder that disable Windows recovery options and allow the ransomware to run with elevated rights among other things. Currently there is no known free decryption process for 7ev3n. On top of that, even making the system usable again is a real pain. Bleeping computer has some recovery steps you can take.

7ev3n-HONE$T is a new version that was seen in mid April 2016. It renames all of your files with the .R5A extension but unlike its predecessor, it only demands 1 bitcoin or about $400 to decrypt. After the initial ransom note is displayed, the second screen allows its victims to upload three to five files to test decryption. 

UPDATE: There are now free decryptors available for both the 73v3n and 73v3n-HONE$T ransomware strains.


Is Your Network Vulnerable To Ransomware Attacks?

Find out now with KnowBe4's Ransomware Simulator "RanSim", get your results in minutes.
Get RanSim!

« Back To Ransomware Knowledgebase


Get the latest about social engineering

Subscribe to CyberheistNews