I'm currently trying to rid a school network of some ransomware but so far neither Trend nor https://id-ransomware.malwarehunterteam.com/identify.php can detect it.
SHA1 for uploaded file - a857f5d6cb2169bc438bfd05653c5aa18fa305eb
The ransom note is the same name as Globe's "Important Information.hta" and the format is very similar.
So far its seemed to propagate mainly via Roaming Profiles used by the Teachers and Admin staff.
Any help would be much appreciated!