Does anyone know if this affects all user accounts on a computer , or just the user account open when the attachment is opened . Although I tell the kids never to open email attachments , you never know .
I see that Massachusetts police have admitted to paying a bitcoin ransom after being infected by the Cryptolocker ransomware.
It affects all files the user who is logged on the computer has write access to when it is infected.
It cannot encrypt any file the same user only has read access to.
Another way of hiding stuff (at the moment) is to back up to a USB drive then either -
a) unplug the drive
b) remove the drive letter in Disk Management.
At the moment it can't spread across UNC paths, only through drives accessed or mapped via a letter.
Note however it is constantly changing, for example the latest one deletes your shadow copies before encrypting!