Sounds like something new.
Did you find any ransom notes
? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url
file. Most ransomware will also drop a ransom note in every directory/affected folder where data was encrypted.
Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here
) with a link to this topic. Doing that will be helpful with analyzing and investigating by our crypto experts.