BriTec made a video (click here) showing how to intercept the decrypt password using Wireshark, but also says the password keeps changing so it's of no real help. I don't know if anyone else has seen this yet, but if anyone hears of a fix please post back for all.
There is a new nasty hitting the Web aimed at Office documents using what appears to be an Adobe PDF exploit, even though this last part is still to be confirmed. It does this when you visit a compromised site and when launched will look for a wide range of media files, JPEG images, MPEG audio files, as well as all Microsoft Office files.
The attack, which Sophos has identified as Troj/Ransom-U, changes the user’s Windows desktop wallpaper to deliver the first part of the ransom message, which tells the user their files have been encrypted. It adds that they must act quickly to get their files decrypted, and must not tell anyone about the attack.
Here's a pic of the ransom message: