This is an update to SMendoza's post.
So we ultimately found the host of this brand new variation of crypt0locker. We were able to locate it by reviewing the Windows Security Event log, mainly looking for logon events to the affected server or workstations between seconds to 10 minutes prior to the encryption starting.
This version uses 6 files as its program engine, however the method in which it gains access to the initial host is still undetermined. The files it uses are ps.exe, samsam.exe, f.bat, and reg.bat. It will store the affected systems public keys and exe files in the C:\temp on the host machine. The xml files will be stored as <servername>_PublicKey.xml.
This variation is still very new, and we are still looking into this, but we have already submitted the information to microsoft, and they have generated a new definition for this specific variation. The microsoft name for the virus is Ransom:MSIL/Samas.A in definition 1.213.1712.0.
As far as the decryption is concerned, I am not certain as to whether or not the encryption can be reversed, as we are in the mindset right now of every other cryptolocker recovery, either by restoration, or total loss.
As we look further into this, I'll update this with what each component of this does. I know right now that f.bat is the cause for the removal of all shadow copies.