Our office was hit with the Cryptolocker Virus and wiped out a good portion of our file shares. We're in the process of restoring the files from backup, but some files were encrypted earlier in the week, while others were encrypted yesterday.
We've restored yesterday (and thus most of the files), but i'm afraid that there's going to be a mix of encrypted files from earlier in the week that are still encrypted. Using the regedit method to track the keys the virus placed doesn't look like its going to locate all the files for us.
Does anyone know of a tool to scan folders for encrypted files and provide a list (particularly the encryption of the Cryptolocker) so we can piece together what needs to be restored still?