posted on Mar, 24 2017 @ 05:42 PM
Sophos will stop and even remove the encryption caused by ransomware (their Intercept X product). It sees the encryption of files.. will stop it..
check.. remove the virus.. reverse the encryption on files that were encrypted. I got it for our computers, since ransomware is a big deal right
Even without a product that can do that, you can still often beat encrypted files. As long as your system restore is on (and it should always be on),
just right-click on say, the documents folder.. and you can restore it to a previous version. I've done this for multiple computers in my last two
companies, and recovered all data on laptops. For network shares.. shadowcopy.. backups.. don't NOT have a backup plan. : )
You may be out of luck if the virus payload included turning off the system restore.. usually that won't even take effect until after a reboot, so if
you notice.. do a system restore immediately. Although I have had a few people that even with weird popups and encrypted files, have rebooted their
computer like.. 17 times, embedding the virus so firmly onto their laptop, it is like they just dumped a bag of wet cement into their laptop. Nuke is
usually the only fix then.