FenixLocker targets Windows OS and its method of distribution is currently unknown. It encrypts files using AES-128 and appends an email address such as .centrumfr@india.com!! or thedon78@mail.com to encrypted files. It drops a ransom note named Help to decrypt.txt or Cryptolocker.txt on the infected system. The ransom payment demand is $500 worth of Bitcoin.

  • Sensors Tech Forum provides more information about FenixLocker here.
  • Emsisoft provides a free decryption tool for FenixLocker here.

One example of the FenixLocker variant. Image Source: PCRisk