FANDOM


REKTLocker is a ransomware that stealthily infiltrates the system and encrypts various files.

Payload

During encryption, REKTLocker appends names of encrypted files with ".rekt" extensions and, thus, it is straightforward to determine which files are encrypted. Following successful encryption, REKTLocker changes the desktop wallpaper, and creates a text file ("Readme.txt") and places it on the desktop.

The wallpaper and text file inform victims of the encryption. It is stated that files are encrypted using 2048 bit encryption (an asymmetric algorithm). Note that public (encryption) and private (decryption) keys are generated when encrypting files using asymmetric cryptography. Decryption without the private key is impossible, since it is stored on remote servers controlled by cyber criminals. Developers of REKTLocker attempt to sell this key to victims. The size of ransom (i.e. the cost of the private key) is 1 Bitcoin.

The message reads:

Your PC has been
locked with 2048 bit 
encryption.
REKTLocker
Community content is available under CC-BY-SA unless otherwise noted.