Good question Koby. I have no idea, but I suspect so. I was not in the office when the attack happened. I have 10 office staff and I guess one could have opened it. They are not computer savvy. Like I said, we believe the source to be "possibly" from updox. I frankly do not know and likely will never know, but I suspect so. I did not contact the ransom website noted. I did not ask them how I got it. My IT persons (hero) decided to follow a "scorched earth" protocol. Unplug all usb devices, Delete, format drive several times (actually considered buying new one), reinstall os, upload backup. We get so much incoming faxes via updox, however, which makes it a good vector for infection. I have seen file attachments that look like this in updox before but they are usually pictures uploaded in bmp format. This one said java. First time I see that. Could it have been uploaded from my sever to updox? maybe. Also, I did not notice this file in updox until server was up. I sent the office staff home Friday morning once it became clear there was nothing we could do until server up so I was the first to look in updox (today).
