RektLocker targets Windows OS and the current distribution method is unknown. It uses RSA-2048 encryption and appends .rekt to all encrypted file names. RektLocker creates a ransom note labeled Readme.txt that includes the Bitcoin address for payment but it does not provide any way to communicate with the attacker. Without a method of communication to transmit the decryption key, files cannot be decrypted even if victims pay the ransom. RektLocker demands a ransom payment amount of 1 Bitcoin.

  • Sensors Tech Forum provides more information about RektLocker here.
  • The NJCCIC is not currently aware of any decryption tool available for RektLocker.

One example of the RektLocker variant. Image Source: Sensors Tech Forum