We have valuable patient information lost due to some kind of unknown infection. All .doc files were changed from xy.doc to firstname.lastname@example.org.
I tried removing only the extension add-on, but that isn't the problem solver. I tried to hex-compare files that were backed up and those encrypted, and I see many repeatable patterns through the encrypted file.
If I provide a non-encrypted and an encrypted file, could you somehow give me a solution to this?
There is no ransom screen or anything, and I haven't seen any processes running in the background that could do this.
I tried scanning the computer with NOD32 Antivirus, ERA Remover and Panda UnRansom locally.
I tried submitting to VirusTotal with these results:
EDIT: Also, .jpg files were affected by this.
Edited by domyrat, 13 November 2014 - 01:26 AM.