Same thing happend yesterday in our company. We have eset endpoint security v.6. Few copies of same mailicious e-mail were received by employees. (.zip attachment). One of them opened (said that "accidentaly, mouse slipped..." and in roughly 3 minutes user's PC and most of the network share files, that this user had "write" access to ,were encrypted with .LOCKY file extensions and in each folder created .txt file with "instructions" how to get decryption key,
I tested it with free AVAST, it correctly responded and blocked threat immediately.
Infected PC is physically isolated now, today it will be reviewed, what state it is in and local eset logs will also be reviewed.
