Sorry to hear you were a ransomware victim.
What type of crypto malware are you dealing with? Did you submit (upload) any samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.
yeah got beaten by Zenis Ransomware on a Windows Server 2003 SBS (Service Pack 2), and got spread on 2 (thank got) workstations a couple of days ago.
Im going to upload some of the decrypted files today, thankfully it got only jpg and doc, txt, xls files, and no mssql databases on the server.
and these files are backed up on cloud, so its only to clean up the mess, but as far as i found out, there is some kind of rootkit working on the server.
im on my way right now to the servers location, so going to post an update later on today.