Do you know what SevenDays Ransomware is?
If your computer has become infected with SevenDays Ransomware, then you are in a lot of trouble, because it can encrypt your personal files. The bad news is that it does not ask you for money to decrypt your files because it encrypts your files for the sake of encrypting them. Removing this program is highly recommended because there is nothing you can do to reverse the damage that it does to your files, and it can encrypt new files if you allow it to remain. It was first spotted at the beginning of August 2017. Its distribution methods are still unknown, but it is possible that its developers distribute it using email spam.
While there is no evidence to suggest that it is definitely distributed via email spam, our researchers believe that that is the most likely distribution channel and it is often used for ransomware-type infections in general. SevenDays Ransomware’s developers may have setup an email server dedicated to sending spam mail to random email addresses in an effort to infect as many computers around the world as possible. The emails can be disguised as tax return forms, receipts, invoices, and so on to convince you to open the attached file that will infect your PC with this ransomware. The location of the executable file of this ransomware is random, but you can find its location by opening the Windows Registry Editor and going to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run and locating a string named “Alcmeter” which is created by this ransomware. Its value data contains the file path to this ransomware’s executable (e.g. C:\Users\user\AppData\Local\Temp\5To5e0wK2ecObSg.exe.) the executable file can be named randomly using upper-case and lower-case characters.
Once on your PC, SevenDays Ransomware will run on each system startup, so you cannot bypass its launch. Researchers say that it was coded using the ransomware engine from Xorist Ransomware that used the XOR encryption method. Once executed, this ransomware shows an error message saying “SEVENDAYSSEVENDAYSSEVENDAYS.” It then changes the desktop background image and encrypts the files. It appends all encrypted files with a “.SEVENDAYS” extension. Note that it does not change the name of the encrypted files like some ransomware-type infections do. Once the files have been encrypted, it will drop a ransom note.SevenDays Ransomware screenshot
Scroll down for full removal instructions
The ransom note is dropped in two locations: %ALLUSERSPROFILE%\Start Menu\Programs\Startup and %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. The ransom note file is named HOW TO DECRYPT FILES.txt, and it is a simple text file. Inside this file, you will find a long string of “SEVENDAYSSEVENDAYSSEVENDAYSSEVENDAY" and nothing else. There are no instructions on how to pay the ransom or how much to pay. Therefore, it seems that this ransomware encrypts files for the sake of encrypting them. The good news is that you may be able to decrypt your files or free as we have heard that a free decryption tool was being developed.
Ransomware-type infections have become very prominent over the years, so an anti-malware program such as SpyHunter is a must have to protect your PC and your files from corruption. Since there should be a decryption tool that is due to be released soon, we recommend that you delete SevenDays Ransomware using an anti-malware program or the manual removal guide made by our cyber security experts.
How to delete this ransomware manually
- Press Windows+R keys.
- Type regedit in the dialog box and click OK.
- In the Registry Editor, go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
- Locate Alcmeter.
- Right-click Alcmeter and click Modify.
- Copy the file path in the value data box.
- Close the Registry editor.
- Press Windows+E keys.
- Paste the file path minus the name of the executable file in the address box.
- Press Enter.
- Right-click the malicious file and click Delete.
- Right-click the Recycle Bin icon and click Empty Recycle Bin.
In non-techie terms:
SevenDays Ransomware is a new ransomware that can encrypt your files after compromising your computer’s security. It is likely distributed via email spam and fill launch immediately after infection. All you can do is remove it because it does not ask money for a decryption key, but you may be able to decrypt your files with a free decryption tool that may already be available online.