It's probably going to be impossible to identify without the ransom note or the malware itself. Do you have the malware? What is being detected as TrojanDownloader.Nemucod.EBG? Unfortunately, Nemucod is actually a downloader, so it isn't always delivering its own ransomware variant, and has been seen distributing other ransomwares.
It was detected by Eset Antivirus as Nemucod EBG and in memory of Windows 10 was the "spec" process. The.virus was an executable file "b.jse". Right now I only have an encrypted file and its original unencrypted for the composition. I will try to get the file that was downloaded in an email and triggered all the infection. In the company of Nemucod also came another generic-Malware that filled the temporary file folder with .nbc extension. In addition, in the attack, Eset blocked the IP 18.104.22.168, with geolocation in Moscow. I did not see any screen or ransom note.
Thank you very much for answering,, Demonslay335
Edited by TaniaMLG, 10 August 2018 - 10:41 AM.