I have had Cryptolocker at one of my customers. The little bastard kept coming back three times. It encrypted every drive letter the user (who opened that bloody mail with CryptoLocker in it) had access to.
Luckily for them we make daily browsable images of each and everyone of their servers and we keep those images around to three weeks.
So i locked on of those unencrypted images and put everything back in place.
CryptoLocker is a nasty one. Once it is executed it will encrypt everything it can touch. No repair possible. It has a very small footprint and does everything from memory with little resources. You won’t even notice any more activity.
Not having admin rights does not solve this. It will encrypt everything that it can touch under the current credentials (write access).
Make sure you have at least two shadow copies each day of your files. Preferably a daily full browsable backup with a retention of seven days.
No repair possible people. Please have shadow copies and backups.