My PC at work got hit by Nemesis Cry36 (as identified by ID Ransomware) on August 3rd, 9pm. Most likely via RDP, as that PC had only had a weak password (dumb, I know).
All files were renamed around that time, except for files and folders on the desktop. Ransom note .txt files were put in every folder and they also changed the desktop background.
I have already read that Cry36 is unfortunately not decryptable at this time (or ever?).
However, I found some suspicious IPs (Moscow, San José, Amsterdam) in the RDP logs, one around the above-mentioned time, the others on the days pr