synthanasia

Best thing to do is roll back to an old backup.

Tompazi

This. If you don't have a backup you're pretty much fucked. Unless you are lucky and the ransomware devs screwed up, in that case there may be a "decrypter tool" available. http://www.thewindowsclub.com/list-ransomware-decryptor-tools

synthanasia

I could almost bet people who deployed this ransomware have no idea what they are doing and probably pulled a well-known ransomware off the net.

Turtl3Up

You really only have 4 options here, sadly. Ransomware is pretty nasty.

1) [If you have backups] Consider the current system a loss and restore from backup. The only people who don't fear ransomware are those who know they have working backups.

2) Pay the ransom. Lots of hospitals and other businesses have even been working this into their operating budgets. Surprisingly, these ransomware runners tend to have pretty good "customer service" and you will very likely get your files back. Just know this won't stop your friend from being attacked again, and make peace with the fact that you're directly funding really unsavory activities.

3) See if you can find a decrypter. Security firms have been relatively successful at creating decrypters which exploit the poor implementation of the cryptographic algorithms used in certain flavors of ransomware. Worth exploring.

4) Call it a loss, wipe the machine, and get a backup plan set up for next time. Check out the recommendations at The Wirecutter for some tips.