Guess what? Yeah, Cryptowall 2.0.
Guess who? yeah, another person "helping a customer find something online" and clicking on random shit. woo!!
Luckily, we take Previous Versions snapshots every 3 hours during work hours, so we were able to restore to 3pm yesterday, an hour and a half before it started.
But why, and how?! All the computers have AV, but not all sites pipe through the main location with a UTM. We haven't been infected by someone from the main location yet...
man this gets old quick.