A secondary analysis sourcing CYFIRMA researchers reports identification of a ransomware strain called Rex that appends a ‘.rex48’ extension to encrypted files and employs double extortion, encrypting data while threatening public release if ransom is not paid within 72 hours. Windows systems are the reported target, though specific affected versions are unconfirmed and the campaign’s full scope remains under investigation. The business risk is operational disruption from encrypted systems combined with reputational and regulatory exposure from threatened data publication. Critical caveat: CYFIRMA’s original research report is not included in verified sources for this audit. Confidence in technical specifics is low pending independent verification of the primary source and confirmation of platform targeting beyond secondary references.