one of my users opened an email attachment (voicemail) but was an application and got infected with cryptolocker. it has affected several shares and all of the files on the computer.
they are demanding $300.
i do have backups i can restore from. my question is how do i know the virus is only on this machine and hasn't infected the server where the file shares are? 2 of the 5 shares seem to be infected.
is it worth paying the $300?
btw still not sure how the infection got past the spam filter, fortinet firewall, and panda cloud antivirus.