if it is Cryptolocker 3 or 4, IMHO she is S.O.L. Most of the newer variants are not solved. At a recent conference, law enforcement, I think, FBI, said it was a valid solution to pay these lowlife rock-spiders.
have a look at the ransom files and do a search on the web to find out exactly which variant it is. This is important to know for any possible chance at decryption. Some older ones have flaws allowing them to be decrypted.
I would advise to image all affected disks asap so things are not tainted in case a solution presents itself. TeslaCrypt, Cryptolocker, Cryptowall.. all slightly different, but I think all no solution.
a bit of shut the gate after the horse has bolted... but here are some tips to protect yourself.
1. have a well thought out backup strategy of ate the VERY LEAST your important files.
2. DONT leave backup drives always connected, or accessible or drives mapped etc... if YOU can access the backups now on your PC, so can the MALWARE!
3. have a read of some sites like
http://support.kaspersky.com/109534. If you don't know how to backup or think it is a challenge.. GET SOME HELP - it can be done and is probably not too bad once you get a few pointers.
5. spend some time thinking about your IT footprint - this means "what computer stuff have I really got?" You might be surprised. If you would be upset/hurt/devastated or business impacted if your computers or disks were to be stolen or destroyed - then you must also get moving on a backup plan against this virus. I have a portable hard disk her full of encrypted files and ransom demands. this drive is essentially useless, and the files may have well been destroyed in a fire.
6. get malware protection - this malware has gotten past many good malware security, but it does also stop some. be extremely wary opening attachments. If you have malware protection, ALWAYS save attachment to disk before opening it. Malware security should catch it at this stage.
7. RED FLAGS:
- files that end in double extensions file.zip.exe file.pdf.exe etc..
- weird "account" emails, bank, post, tax office, other services asking you for some action like overdue accounts, resumes, vague stuff like "here are the pics you asked for" and from senders you can match to the email. IF you have any doubts it is legit, and it has an attachment, then it is probably dodgy.
- vague emails asking you to click on a link.
- out of the ordinary stuff, strange looking or generic sounding names etc.
8. use virus total.
https://www.virustotal.com/ this is a free site. it can scan your file / attachment and URLs test against many virus scanners and see if it has been detected as malware. obviously a brand new file that's never been detected wont show up, but this site also can analyse what a file does when run.