One of our network drives has been encrypted by a crypto virus. All DOC, XLS and PDF files now have the JSE extension and a unique size of 562 ko.
We have no ransom note. It came from a user who opened an attached file containing a JSE script disguised as a PDF in a RAR file. It created a fly.jse file in the startup menu and many cmd.exe in the background that renamed the files on the network drive.
ID Ransomware says: SHA1: 3bc738d2d662bcb5f3325b3e1f0f011a68e4ba45
Trend Micro says Nemucod but cannot decrypt it.
Do you have an idea?
I'm gonna try to link an encrypted file.