I apologize if this topic is redundant... I did a search for this first and didn't seem to find much, so I thought I'd start a new topic. I've recently encountered this ransomware on one of my customers' machines. Although I was successful (I think) in removing the virus, I noticed that all the personal files (i.e. Word, Excel, PDF, etc...) were altered and then had their extensions all changed to HTML. From what little I'm finding out about this online, I'm assuming this one is new? It's been a lot of years since I've encountered anything that physically alters the personal files rather than hiding or moving them. Has anyone figured out a way to restore/repair personal files once the virus is out of the system?
Luckily for this customer, he only had a handful of stuff on his system and none of it was mission critical. So, in this case, a clean wipe and install may be the best way to be "sure" that it's gone.
Anyway, any information you have about files being altered to HTML would be great. I'd like to be able to tell him he didn't lose his files if I can...