The lock screen of this ransomware is segregated into 4 types:

1. Homepage
2. Test decryption screen
3. List of encrypted files
4. How to pay the ransom

These are the four split ups of the Ransomware.     

This ransomware came into play at early 2016. As same as other ransomware this also encrypts the victim’s device and demands the ransom, but this ransomware demands more than 13bitcoins which is remarkably more compared to other ransomware of this level. This demands a huge ransom and as well does a great job by trashing the windows system installed, it modifies a variety of setting and many options so that the system recovery gets disabled on the device. Not only this it also block’s some has certain website specially the security paged so that the tools and utilities cannot be used against it. This leaves the victim no other go than to pay the demanded ransom.

This ransomware will rename the encrypted files to .R5A format and then adds the name of file to the C:users\public\files. 7ev3n target mostly the files with following extensions.

Once the encryption is completed, it contacts the C&C and uploads a variety of information. The C&C server was located at IP address(46.45.169.106) .Once these process are completed the following files will be located at the C: drive \Public folder

How it trashes the infected computer:

When this ransomware gets into the system it installs numerous files in %localAppdata%folder:

In order to make the life harder than it already is for the victim, it creates its own Windows task that executes the above commands every time the victim login.