I know there is no way of decrypting the files but as we speak a process or something is still running and causing damage to our file server.
By checking the processes and applications that are running there is nothing that appears to be 'abnormal', it's very concerning.
Does anyone know apart from using malwarebytes, Kaspersky etc that can isolate this?
We can restore but I fear that it will continue to go through those same files.
Any help or pointers would be much appreciated.