WSOCTV in Charlotte, North Carolina's reports on a Goodson's, a small US law firm there which stepped forward and bravely admitted that their whole file server was scrambled by Cryptolocker and they lost all their files. Here is the TV clip:
http://www.wsoctv.com/news/news/local/computer-virus-locking-important-files-targets-loc/ndF4Z/
Their IT team tried to disinfect the machine, but that made things even worse because that prevents decryption. Then they tried to pay the ransom but it was too late since they had tampered with the malware. The TV clip shows the workstation where an employee fell for the Cryptolocker social engineering attack which used an email "from AT&T" with a malicious attachment that was mistaken for a voice-mail message from their phone answering service.
That error encrypted all files on their main server including Word, WordPerfect and PDF files, said Goodson's owner, Paul M. Goodson. No word if there was a backup of the file server but it sounds like they did not have one. The only blessing was that the malware had scrambled files and not stolen them, Goodson added.
Goodsons is not alone. Cryptolocker attacks are very successful and include Greenland, New Hampshire's town hall. Town Administrator Karen Anderson said: "The results have left us with documents that are no longer readable, I've lost eight years worth of my work." There is even a police department that admitted to having paid $750 for two Bitcoins to buy back sensitive files that were encrypted. The TV station claimed the eastern European gang has made US 30 million with this scam.
So, here are two points of advice. 1) Grab your most recent backup and see if it actually will restore the files. Make sure you always have a recent offsite backup and use the "versioning" system. 2) It is urgent and important to step all employees through effective security awareness training ASAP.