cryptXXX Ransomware (de_crypt_readme)

I recently had a laptop of a client that was infected with a new ransomware called cryptXXX. I believe it was installed via an email attachment of a Word document. I don't normally fall for phishing, but it happened to be generically worded enough and came from a credible source (a friend in finance) that I thought the attached invoice was legit. Either that or Outlook's preview of attached Office docs allowed it to be installed.

The easiest way to tell you have this is that your MS Office files will be encrypted and have a .crypt extension. You will also find three files added to any directory where data has been encrypted:

de_crypt_readme.txt

de_crypt_readme.bmp

de_crypt_readme.html

These, of course, direct the user to a site to pay a $500 ransom in bitcoins. A note regarding backups: it will proceed to encrypt files on any mounted storage, so keep backups unplugged if in doubt. See https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler

I don't know if Norton will detect this latest variant, as I don't have a license to run it on the infected laptop and I can't run NPE without admin on that box.
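
A triage check for the indicators listed above, as an added example that is not part of the original post: it walks a directory tree and reports every folder holding the three de_crypt_readme files or files ending in .crypt, so you can see how far the encryption spread. The function names and the sample folder and file names are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the post above.
NOTE_NAMES = {"de_crypt_readme.txt", "de_crypt_readme.bmp", "de_crypt_readme.html"}
ENCRYPTED_EXT = ".crypt"


def scan_tree(root):
    """Return {directory: {"notes": [...], "encrypted": [...]}} for affected dirs."""
    findings = {}
    # os.walk silently skips directories it cannot read, so the scan keeps going.
    for dirpath, _dirnames, filenames in os.walk(root):
        # Compare in lower case: Windows file names are case-insensitive.
        notes = sorted(f for f in filenames if f.lower() in NOTE_NAMES)
        encrypted = sorted(f for f in filenames if f.lower().endswith(ENCRYPTED_EXT))
        if notes or encrypted:
            findings[dirpath] = {"notes": notes, "encrypted": encrypted}
    return findings


def summarize(findings):
    """Totals that help decide how far the encryption spread."""
    return {
        "affected_dirs": len(findings),
        "note_files": sum(len(v["notes"]) for v in findings.values()),
        "encrypted_files": sum(len(v["encrypted"]) for v in findings.values()),
    }


def build_sample_tree(base):
    """Constructed sample data: one affected folder, one clean folder."""
    hit = Path(base, "Documents", "Invoices")
    clean = Path(base, "Pictures")
    hit.mkdir(parents=True)
    clean.mkdir(parents=True)
    for name in ("budget.xlsx.crypt", "report.docx.crypt", *NOTE_NAMES):
        (hit / name).write_bytes(b"")
    (clean / "holiday.jpg").write_bytes(b"")
    return str(hit), str(clean)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        for directory, info in result.items():
            print(directory, len(info["encrypted"]), "encrypted,", info["notes"])
        print(summarize(result))
```

To check a real machine, call scan_tree() on a user profile or drive root instead of the temporary sample tree; the scan only lists file names and does not open or modify anything.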