What is RONALDIHNO ENCRYPTER ransomware / r7 ransomware?
RONALDIHNO ENCRYPTER ransomware, also known as r7 ransomware, is a harmful program that encrypts all files on computers it infects. This is not done simply out of desire to cause harm, however. The hackers behind this are motivated by financial gain. Encrypted files are completely inaccessible; they cannot be viewed or modified in any way. But this encryption process is reversible. With the right cryptographic key, essentially a password, these files can be decrypted and made accessible again. The hackers offer to do this, and usually charge quite a lot for their “services”.
RONALDIHNO ENCRYPTER doesn’t simply encrypt files; it also renames them. All files affected by the virus receive .r7 file extension. For example, “video.mp4” would be renamed to “video.mp4.r7”. Its ransom note, meanwhile, is called “READ_THIS.txt”. You can read the full text of the note on the image above, but here’s the summary.
The hacker demands only $20 for decryption. This is exceptionally low; usually, the criminals demand hundreds and even thousands of dollars. The note lacks any contact information, but the virus also changes desktop wallpaper to a second note, which mentions the e-mail (firstname.lastname@example.org).
Though the hacker doesn’t ask for much, you might still want to avoid paying for two reasons. First, you have no guarantee that you will get your files back. Second, if you pay, you may become a target of further virus attacks in the future. For this reason, we’ve prepared a guide that will explain how to remove RONALDIHNO ENCRYPTER ransomware and decrypt .r7 files without contacting the criminal.