Found 4 folders on a network shared drive with the 3 HELP_DECRYP files in each of the 4 folders 4 days ago.
Deleted the folders, restored from backup, ran ListCwall script on server = nothing encrypted.
On the hunt for source PC. Scanning with Norton Power Eraser, running ListCwall, checking the registry keys and user account files mentioned in your fine article.
Have searched every folder on shared File server 3 separate times.
Believe I found one source and it is off network now. Still have some PCs to get to that are on my top suspect list.
Have looked at ransom site, have 4 days til deadline. Have found NO encrypted files yet on our network.
So my question is... have we lucked out? Shouldn't we have encrypted files with changed file names by now?
Thanks for all y'all do!