Hi Mike,
As the infection ( or what we can see of it) has been removed and it seems the key.dat is also missing..... there's no chance of offering to pay.
Paying for the ransom is a dangerous option anyway and not something we advise.
For starters, there is no guarantee your files will be returned or that the malware has been removed completely.
Ransomware is increasingly polymorphic, which makes it harder to detect and remove.
Will the hacker exploit you again in six months’ time? The truth is you don’t know.
Remember, this is not a service, they are cybercriminals.
Even if you pay, you are not going to be ‘whitelisted’ so you could get infected again so it’s not a real solution.
Very wise.
Sometimes you have to take it on the chin and learn from it.
I am thinking best I run the win7 recovery so no chances of this problem on her HDD "if there is no way to recover the files", what do you think?
That would be the ideal solution.
At least you then start with a fresh clean system.
They always say that prevention is better than cure............
There are a few methods and utilities that we recommend in order to protect your computer from ransomware infections.
CryptoMonitor:
CryptoMonitor is a highly recommended program that is designed to detect when a ransomware is trying to encrypt your data and block it before it is able to do so.
I was one of the beta testers for this and found it very easy to use.
The application has been tested against CryptoWall, TeslaCrypt, Alpha Crypt, CryptoWall, and other smaller ransomware infections and CryptoMonitor was able to stop the infections before they could damage the data.
The nice thing about CryptoMonitor is that it has a small footprint, does not use a lot of computer resources, is inexpensive, and is designed for one thing; to kill ransomware before they can encrypt your data.
For most purposes you may find the free version will do the job, but if you really effective protection then you should purchase the Pro version as it can block injected ransomware processes.
You can find more information about CryptoMonitor at this link:
https://www.easysyncsolutions.com/cryptomonitordetails.html
HitmanPro: Alert:
HitmanPro: Alert is a great program as well but is designed as a full featured anti-exploit program and is not targeted exclusively at ransomware infections. Alert provides protection from computer vulnerabilities and malware that attempts to steal your data. Unfortunately, because this program has a much broader focus it sometimes needs to be updated as new ransomware is released. As long as you stay on top of the updates, HitmanPro: Alert offers excellent protection.
You can find more information about HitmanPro: Alert here:
http://www.surfright.nl/en/alert
CryptoPrevent Tool:
CryptoPrevent will automatically add Software Restriction Policy Path Rules to your computer in order to prevent TeslaCrypt and Zbot from being executed in the first place.
This tool is also able to set these policies in all versions of Windows.
A new feature of CryptoPrevent is the option to whitelist any existing programs in %AppData% or %LocalAppData%.
This is a useful feature as it will make sure the restrictions that are put in place do not affect legitimate applications that are already installed on your computer.
To use this feature make sure you check the option labeled
Whitelist EXEs already located in %appdata% / %localappdata% before you press the
Block button.
You can download CryptoPrevent from the following page:
http://www.foolishit.com/download/cryptoprevent/
For more information on how to use the tool, please see this page:
http://www.foolishit.com/vb6-projects/cryptoprevent/
and the other thing is
always have good external backups of any personal data, pictures, music etc.