FenixLocker targets Windows OS and its method of distribution is currently unknown. It encrypts files using AES-128 and appends an email address such as .firstname.lastname@example.org!! or email@example.com to encrypted files. It drops a ransom note named Help to decrypt.txt or Cryptolocker.txt on the infected system. The ransom payment demand is $500 worth of Bitcoin.