Someone I know got hit with Locky ransomware today. It infected their PC plus some server drives. Those drives can be restored from backups, but the PC is not backed up. I told them I would ask the general community if anyone knows if paying the ransom actually works. Does the decrypter actually work? Hard to trust a crook. Anyone know if the decrypter installed a backdoor? Any analysis done on that yet? Hard time finding anyone on the internet talking about it in this way.
As far as I have seen, the people that pay the ransom do get the decryption key (as the University of Calgary did); however, the price varies and can be expensive.

If I were your friend, I would try to restore from a restore point. Barring that, I would pay the ransom and, once you have access to your files, make an external copy on a separate disk (for analysis) and then wipe the infected computer with a new image.
There is the risk the authors simply demand more money: https://blog.varonis.com/hospital-paid-ransom-didnt-get-all-files-back/