Hi, I came here because I read the note about the Gameover on June so I assumed my latest hit is Torrentlocker,
Q. Does torrentlocker also leave behind in every directory the files "DECRYPT_INSTRUCTION.TXT, etc?
My story: We had the Cryptolocker earlier this year destroy some files on a server and we then took some steps to prevent further hits with GPO the PC but we had a hit again yesterday. We were lucky our backups were good. Unfortunately the PC was not in my control as it was at a remote office and has since been overwritten and the admin has deleted the encrypted files so I don't have any more info to help. I only know it left behind the same files as noted above.
One thing I would like to find is a solution which looks at the header files and if it sees any with encryption it sends us an alert, or turns off file sharing, or does something helpful!
Please let me know if you have any ideas for me.