When it is done encrypting all the files it would then create a document in each folder describing their way of retrieving your data, and their way of retrieving your encrypted data is to pay them a fee and then they will decrypt all your files. I don’t know about you but I do not feel right in enabling these guys by paying them a fee. I would rather recover my data without paying any fee even if it means paying IT Support to recover my data. Now, if you do not have a backup of that PC on an external drive that is not connected at the time of getting the encryption virus, then you do not have a recovery option on that machine. However, there are some other opportunities to recover files if you have the following scenario.
If you are using a client server environment, and the PC that contracted the encryption virus is a workstation, and you want to recover the files on the server, then you can then go to the server and you can right click the data folder. If you get the option to restore previous versions, you can then restore a previous version of that folder. This scenario is only available if you have shadow copies turn on your server. I do suggest that if it Ăs not turned on that you to turn it on now, just in case you get an encryption virus in the future because it is a handy tool for recovery.
The best defence against the encryption virus is to have a reliable backup solution in place and this backup solution needs to consist of external drives that get rotated so that at any given time one of your backup drives are not connected. The way when you do get the encryption virus you always have an offsite backup to restore from.