Endpoint Protection Small Business Edition

  • 1.  Fix for HOWDECRYPT attack

    Posted Feb 18, 2014 03:15 PM

    This morning we encountered the HOWDECRYPT ransomware. It has affected, as best we can tell, one of our workstations and then all of the mapped connections on this workstation. Unfortunately, the mapped connections include all of our backup drives. Is there a way to recover the encrypted files? My understanding from Symantec help is I can use Power Eraser to eradicate the ransomware, but no one has been able to tell me if - or how - I might recover the files we had on the workstation or assorted attached NAS devices. Also based on those discussions we plan to install Endpoint SBE 2013, which we hope works better than what protection software is installed now. Would appreciate any direction . . .



  • 2.  RE: Fix for HOWDECRYPT attack

    Posted Feb 18, 2014 03:16 PM

    Unless you have a backup, this could be tough going. It uses unbreakable encryption to this point. The malware can be removed but files are likely unrecoverable. However, see this article by Mick2009 to see if it can help:

    Recovering Ransomlocked Files Using Built-In Windows Tools

    https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools

    Multiple links here as well:

    https://www-secure.symantec.com/connect/forums/cryptolocker-qa-menace-year

    Similar problem to yours here:

    https://www-secure.symantec.com/connect/forums/some-virus-has-corrupted-many-our-microsoft-office-files-and-pdf-files

    How to run Symantec Power Eraser with the SymHelp utility

    http://www.symantec.com/docs/TECH203683



  • 3.  RE: Fix for HOWDECRYPT attack

    Posted Feb 18, 2014 03:20 PM

    You cannot decrypt the file.

    Run the Power Eraser first, then try to install SEP.

    http://www.symantec.com/security_response/writeup.jsp?docid=2013-091122-3112-99&tabid=3