The 7ev3n-HONE$T ransomware encrypts and renames your files to R5A!!

A brand new type of the 7ev3n Ransomware has been recently discovered. This ransomware will encrypt your data and then ransom your files for approximately $400 USD in bitcoins. It is currently unknown how it is being distributed or what encryption type it uses.

After 7ev3n-HONE$T encrypts your data, it will rename your files to sequential numbers using the .R5A extension.

For instance, a folder’s files would be renamed to 1.R5A, 2.R5A, 3.R5A, etc. After that, 7ev3n-HONE$T will add the name of the encrypted file to the C:\Users\Public\files file.

Once the ransomware has finished encrypting your data, it will connect to the Command & Control server and upload a variety of information and statistics. The information sent is your assigned bitcoin address, the total amount of files encrypted, the amount of each type of file extensions, and your unique ID.

7ev3n-hone$t-ransomware

In this case, the ransomware lock screen is broken up into four different windows.
The first window is the main lock screen and it displays the ransom note and bitcoin address that payment should be sent to. The second screen lets you perform a test decryption on three to five files. The third screen shows a list of the encrypted files, and the fourth screen provides information on how to pay the ransom.