One of the latest varieties of ransomware has been identified by Lawrence Abram as LowLevel04, and it’s spreading via Remote Desktop Services/Terminal Services and then encrypting files on the targeted computers and demanding payment in Bitcoin. The good news is that the malware (at least in this iteration) doesn’t delete the Shadow Volume copies, which means there’s hope of recovering the files without paying the ransom.
Read more about it:
http://www.scmagazine.com/ransomware-using-remote-desktop-to-spread-itself/article/448398/