There are literally 100's of variants on the ransomware theme and new ones appear almost daily. They aren't detectable by most antivirus applications because they aren't really a virus but require human interraction to take hold.
The best defence is NOT to touch anything, mouse or keyboard and immediately power off. OK you'll lose whatever you haven't saved but better that than the alternative.
Then power back on into Safe Mode by tapping F8 repeatedly while booting up and initiate System Restore to before it all started (hopefully).
If successful temporarily disable System Restore to delete the infection.
If that is now not possible there is an excellent removal guide here that we recommend: http://www.bleepingcomputer.com/virus-removal/remove-mandiant-usa-cyber-security -ransomware
Good luck ;-)
Mandiant? Same old same old. It's Reveton wearing a new mask. Unless they've introduced some novel feature, the usual removal process should work for this one too. Go with the BleepingComputer article and advice.
Not familar with same old same old, but this is pretty nasty. Safeboot, it shuts down the PC before you can do anything so not sure you have seen this before. Already removed using the bleeping computer HitmanPro. That is some good stuff.
PS. I am a senior IT guy of over 25 years. Nothing is a mystery. I still think McAfee should have a signature and caught it. Moving on to something else.
Some of the older ransomware pests are now caught I believe, but none of the A/V's are good at these judging from what I've read elsewhere online. Most of them have extra tools which catch some, as does McAfee in the form of Stinger and RootkitRemover, linked in that last link of my signature or HERE.
I agree it would be nice if McAfee would catch all of these things. It would certainly reduce a lot of anxious moments for customers and headaches for everyone concerned.
Anyway, glad things are OK now.
Whatever's on the blocking screen is irrelevant except as a means of identifying which version of the basic ransomware program you're dealing with. It's whatever is going on behind the scenes that's important. and if the code changes so does the signature that McAfee uses to identify the malware strain. It is, though, basically the same program that's been doing the rounds for a couple of years now (with modifications).
If this is disabling Safe Mode booting that's an interesting development, and one which the mods were discussing privately a few weeks ago ("Disabling Safe Mode", Peter - go check). The NoSafeMode program modifies the MBR to disable F8. It's usually relatively easily undone (although that statement is a hostage to fortune).
Yes indeed, I do recall.