I've got a client that called this morning unable to open some PDFs, DOCs, JPGs, and XLSs. I found that they have been encrypted, but no other signs of a virus are there. It all happened back on 9-15. It crawled their mapped drives in addition to their user folder.
What's strange is I can't find any HOW_DECRYPT.txt files or anything like that. Nor were there any changes to the background, or pop up windows asking for a ransom. It's entirely possible that their AV blocked the main payload, but somehow the encryption thread got going, but that's rather unlikely.
Anyways, has anyone seen something like this before? I have a couple samples if you would like to compare them to other variants of Cryptolocker. I did try uploading to the Fireeye Fox-it guys, but the site said it wasn't Cryptolocker.
Thanks for the info in advance,