As a general rule of thumb, never open a zip file attachment from someone you don't know. Even then scan it for viruses before opening it.
Here's what to look out for;
The e-mail subject was INTERNAL FAX
The attachment name I received was FAX827-482-9123.zip . The infectious software is contained inside the zip file. It also contained an attachment named ATT00001.txt (which is not a virus).
RansomWare message body text;
You have received fax from EPSON09964727 at sidsolve.com
Scan date: Wed, 26 Nov 2014 10:18:44 -0500
Number of page(s): 61
Resolution: 400x400 DPI
Attached file is scanned image in PDF format.
The message came from XTLAMJHEK (126.96.36.199) around the Orlando, Florida area. The sender's address was 8GEGBYXZ.email@example.com . The return path is firstname.lastname@example.org . The sender spoofed a fake address named email@example.com. This would likely be customized to the victim's domain. The company that owns the domain is based on Guernsey in the Channel Islands.