Stax virus starts the infection by dropping the payload and then moves to the encryption. The file-locking process can be quick because the threat chooses particular data for the encoding and marks altered files using .stax appendix. The marker is there for the indication, so people suffering from the infection can see which files are affected. Encryption makes files unopenable, so the person cannot know the content of the video, audio, or document file. However, criminals code the ransomware to search for commonly used files, so the data locked is more valuable. There are particular formats of files that the threat is not encoding, but many pieces on the machine can get affected by the cryptovirus.