- Can't be uninstalled via Control Panel
- Installs itself without permissions
- Connects to the internet without permission
- System crashes
- Slow computer
SevenDays Ransomware was first spotted in mid-August 2017. It was designed to infect your PC by stealth and then encrypt your files. However, testing has shown that its ransom note contains no information and no instructions on how to pay the ransom or decrypt your files. Nevertheless, we have received information that a free decryption tool is already available, since this ransomware is based on Xorist Ransomware, which is decryptable. Hence, SevenDays Ransomware’s free decryptor is derived from Xorist Ransomware’s decryptor. Therefore, you can remove this ransomware without hesitation and get all of your files back. To find out more about this malware, please continue reading.
If your computer becomes infected with SevenDays Ransomware, it launches a dialog box with a long line of text that says "SEVENDAYSSEVENDAYSSEVENDAYS." It also replaces the desktop background with a screenshot from the game Counter-Strike: Global Offensive. Then, this ransomware starts encrypting files. Our research has shown that this ransomware uses the XOR encryption method. However, the good news is that you can decrypt your files using a decryption tool that is available online for free. This ransomware targets many file types and can encrypt your documents, images, videos, audio files, file archives, executable files, and so on. Basically, it can make most of your personal files unavailable. It appends a “.SEVENDAYS” file extension to each encrypted file, which indicates that the file was encrypted. However, erasing the extension will not decrypt your files.
Once it has completed the encryption, SevenDays Ransomware drops a ransom note named “HOW TO DECRYPT FILES.txt.” However, this file contains no information on how to decrypt your files, as all it contains are several lines of “SEVENDAYSSEVENDAYSSEVENDAYS.” Hence, there are no instructions on how to pay. The ransom note is dropped in each location where a file was encrypted, so it creates quite a few copies. It also drops the note in two startup locations: %ALLUSERSPROFILE%\Start Menu\Programs\Startup and %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. Now that you know how this ransomware functions, let us take a look at how it can be distributed.
Determining its distribution methods involves guesswork, as there is no concrete information on this particular aspect. We believe that it is most likely distributed using email spam that is sent from a dedicated email server set up by this ransomware’s developers. The emails can pose as legitimate invoices, receipts, or a different kind of document from a legitimate company. However, it is also possible that the email contains little to no text at all and just features an attached file that can masquerade as a PDF or MS Word document. The attached file drops the ransomware’s executable in the %TEMP% folder. Once the executable file is dropped, a registry value for launching the ransomware on system startup is also created at HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run. The value name is “Alcmeter.” Note that the main executable file is named randomly, but “Alcmeter” features the file path to the executable in its value data, which helps you identify the executable so that you can delete it manually.
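The indicators described above (the “Alcmeter” Run value, the ransom notes in the two Startup folders, and the “.SEVENDAYS” extension) can be checked with a read-only PowerShell script. This is an added example, not part of the original guide; the $ScanRoot parameter and its default are assumptions.

```powershell
# Added example: read-only triage for the SevenDays indicators named in this article.
# $ScanRoot and its default are assumptions; nothing here deletes or modifies anything.
param([string]$ScanRoot = $env:USERPROFILE)

$findings = @()

# 1. Persistence: the "Alcmeter" Run value holds the path of the randomly named executable.
$runKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'Alcmeter' -ErrorAction SilentlyContinue
if ($run) {
    # Strip quotes and expand variables such as %TEMP% before testing the path.
    $exe = [Environment]::ExpandEnvironmentVariables($run.Alcmeter.Trim('"'))
    $present = $exe -and (Test-Path -LiteralPath $exe)
    $findings += [pscustomobject]@{
        Indicator = 'Run value Alcmeter'
        Path      = $exe
        Detail    = if ($present) { 'file present' } else { 'file not found' }
    }
}

# 2. Ransom notes dropped in the two Startup folders.
$startupDirs = @(
    (Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs\Startup'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup')
)
foreach ($dir in $startupDirs) {
    $note = Join-Path $dir 'HOW TO DECRYPT FILES.txt'
    if (Test-Path -LiteralPath $note) {
        # The note is described as nothing but the word SEVENDAYS repeated.
        $text = (Get-Content -LiteralPath $note -Raw) -replace '\s', ''
        $findings += [pscustomobject]@{
            Indicator = 'Ransom note in Startup'
            Path      = $note
            Detail    = if ($text -cmatch '^(SEVENDAYS)+$') { 'repeated SEVENDAYS' } else { 'other content' }
        }
    }
}

# 3. Encrypted files under $ScanRoot, summarised by the directories hit hardest.
$encrypted = @(Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Filter '*.SEVENDAYS' -ErrorAction SilentlyContinue)
$findings += [pscustomobject]@{
    Indicator = 'Files with .SEVENDAYS extension'
    Path      = $ScanRoot
    Detail    = "$($encrypted.Count) found"
}

$findings | Format-Table -AutoSize -Wrap
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize
```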
That is all of the information we currently have on SevenDays Ransomware. It is a dangerous computer infection that encrypts your files and does not demand that you pay a ransom. Thus, it encrypts your files for the sake of encrypting them but, luckily, a free decryption tool is available. Therefore, you can remove this ransomware without hesitation. We recommend using our step-by-step guide provided below or an anti-malware program such as SpyHunter that will make light work of this ransomware.
How to delete SevenDays Ransomware