One of our users has had her workstation compromised with the CryptoLocker screen. The workstation had two mapped drives - one for personal files and one for shared files. Both of these mapped drives point to our storage server - Windows 2008 Server R2. Many of the .xls, .xlsx, .doc, .jpeg, and .pdf documents are now encrypted with no access. Could someone PLEASE provide some guidance as to how we should handle this devastating issue. We have two Sonicwall CDPs units for backup that are also partially infected. The infected workstation is presently off line but counting down to 02 May for payment and possibly receive the required key. The administrative staff would also like a list of encrypted files to better access this issue - how can we get this list for them? Thanks.