A ransomware strain tracked as Rex appends ‘.rex48’ to encrypted files and employs double extortion (72-hour contact window before threatened data publication) against Windows systems. Technical specifics are low-confidence pending independent corroboration of the primary CYFIRMA source; all IOC-level detail should be treated as unverified. Defensive guidance relies entirely on behavioral indicators rather than signature-based detection.