Ransomware Story -The owner of a plumbing and heating company opened what he thought was a safe email about a Fedex tracking number. The email turned out a ransomware scam. Thus, within a nanosecond all of data files were encrypted. The attached external backup drive was also encrypted.
The thieves had a message that the owner had to pay a ransom in bitcoin to get access to an encryption key, So, after, I calmed the owner down, I did the following:
A) Removed the ransomware virus using the program, Malwarebytes.
B) Recovered hidden copies of the encrypted files using ShadowExplorer.
This program, ShadowExplorer, allows you to browse and potentially restore the Shadow Copies created by the Windows Vista / 7 / 8 Volume Shadow Copy Service.
So, the files were restored and the owner didn't have to pay a ransom.