Help held to $700.00 ransom for file recovery.
It depends upon how current the malware is and what type it is. Some have well-known keys, or discoverable keys. You need to do some web searching to see what's what. In the future, you will want to a disc image backup to an external drive that is only attached to the system when you do the backup. Also, keep backups of your new or changed files between the image backups. That way, you can recover your system and most of your data if you get hit by this cruft again. What I do, even for Windows systems, is to boot from a Linux live DVD, mount the external drive, that you have installed a linux file system on, and then use the Linux 'dd' command to copy the ENTIRE drive (including partition table and all partitions and file systems) to the backup disc. That can be easily compressed to save storage space. Here is an example of how to do it:
mkdir /mnt/backup mount /dev/sdxN /mnt/backup # The x is the drive number, and N is the partition, such as /dev/sdb1 dd if=/dev/sda bs=1M | gzip -c >/mnt/backup/system.date.gz # Where date is the current date and /dev/sda is the system drive.
You would do this as the root user.
FWIW, this has saved my bacon and that of my clients numerous times in the past. It works with Linux drives as well as Windows ones.
To restore your drive image you would do this after booting the live DVD, becoming root, and mounting the linux partition again as above:
gunzip -c /mnt/backup/system.date.gz | dd of=/dev/sda bs=1M
We're a friendly, industry-focused community of 1.19 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.