This morning I realized there was a readme.hta on my desktop, did a system search for it, and deleted them all (1000+ entries). I did not get any specific ransom note messages, and Malwarebytes didn't flag any issue with the system or with the 'readme.hta' files either. Note that I DID NOT run readme.hta even once yet, and my wallpaper did not change to the ransom note either.
However, I realised most of my important files now have encrypted names with the file extension .963E (e.g. -1dlTZmAtJ.963E). Using ID Ransomware (beta), as shared by the website, turns up CERBER 3.0.
Not sure what happened / how it happened. How can I decrypt the files now? What else can I do to ensure deletion was thorough? (I did not find any .exe, so the executable is still not identified.)
Sadly, I did not do any system restore/backup/shadow volume as suggested earlier. What are my options for decrypting?
Edited by hotdog10, 08 October 2016 - 01:51 AM.