files are encrypted by CTB-Locker

The above comments are correct.  The encryption keys are now generated randomly and it is ... not impossible, but impractical, in terms of human lifetimes to break the key.

If you pay the ransom, you may or may not get the system unlocked.  Survey results indicate about 2/3 of ransom payments result in a key being delivered within six months.

Even if you do get the system unlocked, you will never be able to trust that system again.

So you might as well either restore from the most recent full backup, or reload from scratch.

I wholeheartedly agree with above.

And really this is a duplicate of your question here:
https://www.experts-exchange.com/questions/28623440/file-extension.html?anchorAnswerId=40636840#a40636840

Where you've already been told all of this - I know this isn't what you want to hear but you are not going to get these files back unless you have back-ups.   You have only two ways to decrypt:

- pay the ransom to the criminals - in Bitcoin and at thousands of $$

- Try brute force decryption - but with a random AES-256 key you could spend the rest of your life (and the lives of your descendants) before statistically you would find the key.

There is no magic solution :(

No way out as mentioned already and applies to anyone infected by the ransomware. Disconnect the machine and not plug in any external storage or share those used in the machine before unless cleaned up and checked by AV minimally

what about data recovery on a day before the problem ?

From your backup of the day before, sure. But if what you mean is a System restore from Windows built-in System Protection using a restore point, or by using previous versions of files using shadow copies, that doesn't work anymore after you have received the ransom note, as restore points and shadow copies get deleted by the ransomware before the note is shown.

not back up ...no back up

 what about data recovery using recovery software

If you are trying to recover the current files that have been encrypted, not that I know of. Recovery software can't handle this encryption.

As far as I know it does a secure erase, so data recovery would be futile. But you can always scan the disk using getdataback...

is it possible to recover files before the incident stage

Before the encryption is completed, yes, but after that, no.

so what is the solution ? any decryption method or recovery method ?

But I don't see the point of trying and wasting time and resources and money. Files of which there are no backups of, can't be important.

important , but customer didnt take backup

No, as we have tried to tell you multiple times, there is no solution, except to cut your losses and start fresh.

Take your backups more seriously in the future.

there should be some decryption method using by decryption company , which need to find out

But there isn't!  

The nature of data encryption is that is is secure, otherwise why would anyone use it legitimately?

When used for malicous reasons it is still secure.

What is it about our responses that has failed to convince you that this can't be fixed?

Once you have received the popup, your files have been encrypted with very strong encryption  (would take many many years of brute force decryption with a powerful computer before you made a dent in it). If there is no backup,  then the user either needs to take the loss or pay the ransom.