It did happen to clients of ours (3-4 years) ago. Small offices with 20-40 people with a file server, email server etc.At that time commercial antivirus did not know how to handle RansomWare.

All data were encrypted and we were completely despaired!

In most cases we had to ask the employees to leave the office, as they was nothing they could do.

However due to strict policies like:

Users did not have local admin rights.

ShadowCopy was running on each workstation.

ShadowCopy was running on the file server.

We were able to easily remove the malware application from running, most of the times it was in the registry.

After removal of the ransomware we just used “Previous Versions” both in Workstations and in Server to replace encrypted files.

Our backup was also intact but in all cases we never needed it.

Unfortunately in all cases it took us many hours to replace encrypted files.

It was at that time, we decided to build an Outlook Add-In to filter RansomWare as it was coming into the mailboxes via Outlook.

The rest is history, we now have hundreds of people using all over the world:

Software Created with Passion | Synergy USA llc