This is a particular nasty methode of asking money from the unaware users. The type of malware encrypts definitely not only files on your disk, but especially your networkdrives and shares. This includes files not written by you but by other collegues if there is write access e.g. the shared folders. If you notice something nasty, alot of files have changed dates, the quick way is just unplug your network cable and call us as quickly as possible! You can notice for instance if you have filenames in your harddisk or network share with parts like these (these names are from the DICT shares, so they are real and happened):
"HELP_DECRYPT" "DECRYPT_INSTRUCTION" "Decrypt-All-Files" "HOW_DECRYPT" "AllFilesAreLocked" "DecryptAllFiles" "INSTALL_TOR" "HowDecrypt" "HELP_YOUR_FILES" "Help_Your_Files" "HELP_RESTORE_FILES" "how_recover" "Decrypt All Files" "encryptor_raas_readme" "HELP_TO_SAVE_YOUR_FILES" "help_recover_instructions" "_H_e_l_p_RECOVER_INSTRUCTIONS" "BitMessage_BM" "antivirusebola"
But possible others, you get the idea. If you see one of these, it’s possible already too late (unless someone is fooling you from the department, but I hope not). You can check the contents of your files and if you see garbage, disconnect the network from your laptop and come to us as quickly as possible so we can still rollback to a state with minimal loss, not only for you but for the whole department!
Just don’t click on anything if you visit an unknown webpage. Don’t get fooled by especially those fake Download here buttons. Try to find out the URL where it’s really pointing at before you click.