Had my bag of fun with this piece of garbage.
The attack vector was something like this: luser allowed her son (against IT policy) to install and run games on her work laptop. I suspect her son caused the laptop to be infected with CL either by opening an email attachment or some such. It proceeded to encrypt every single .doc, .xls and suchlike file on said laptop.
Then it displayed its ransomware notice.
Her son tried to uninstall it, but panicked when it changed the desktop background to the infamous CL background bitmap.
He should've left it there, but he didn't, and downloaded (and reinfected the laptop with) CL according to the instructions given.
Then mommy came to work with said laptop, plugged it into the network, and did some work.
Then she proceeded to phone me.
Worst day ever. I killed her connection, and had to restore from a backup... Luckily it was only her laptop, her home folder on the server and one directory with lots of .PDF, Word and Excel files affected - and the corruption hadn't spread to the automated backups yet...
She was under the impression I could "google for a fix and way to remove it"... Hopefully the loss of her photos and other (not backed up) documents on her laptop will make her think twice now...
Had to do a fresh Windows install on a new HDD as I could not get rid of the CL trojan at all... Will probably format and reinstall that HDD at some later stage.
Going to introduce (and enforce) new, tougher IT policies next year. Lesson learnt.