FenixLocker targets Windows OS and its method of distribution is currently unknown. It encrypts files using AES-128 and appends an email address such as .email@example.com!! or firstname.lastname@example.org to encrypted files. It drops a ransom note named Help to decrypt.txt or Cryptolocker.txt on the infected system. The ransom payment demand is $500 worth of Bitcoin.