Hi,
yesterday I helped a friend of mine to recover it PCs from Cryptolocker attack (all file crypted and renamed as .encripted). Here in Italy in this period is similar to a total was with thousand of casualities ...
I really really fear about a cryptolocker on my pool ... 
Could be a good idea to intercept any tentative to create a .encrypted (or similar suffix) file ? I suppose Criptolocker first try to create the encrypted one, then delete the original...
It could be a possibile (optional) new feature ?
Many Thanks !
Gian Luca
Torino, Italy