I have 2 network drives wiped by *.vvv files (and the associated ransom files). Drives are located on a Synology box, which I don't think can be infected itself (?).
There are several Windows 7 computers possibly connecting to these drives (this is an educational environment) but I haven't been able to find any tell-tale signs yet - none have local files destroyed with the .vvv extension. Went through the hosts file, processes, msconfig, etc. and found nothing. Is there an easy way/file that identifies what computer has the ransomware on it that spread to the network shares?
It would seem from the things I read (ransom messages, most files not opening, etc.) an infected computer would be obvious, but I have not heard a thing/complaint from any user having problems with their laptop.
Thank you for any advice, if this is more appropriate in the Removal Forum, please let me know and I'll move this over.
Nathan
Edited by Chris Cosgrove, 04 December 2015 - 05:09 AM.
Moved from AII to 'General security'