Hi. I'm a new member. My client's main computer was infected early Saturday morning.with ransomware which appended all files with firstname.lastname@example.org. I don't understand how he contracted it nor how it even executed as he had the COMODO Firewall running with HIPS in Safe Mode. When I remotely connected, COMODO popped up with a message about Clean_Gerk2.0.exe which is probably the encrypting program. Has anyone seen this stuff and/or have any idea how to decrypt it? Any help would be appreciated. Thanks.