After recovering from a recent ransomware attack ourselves, we continued to get the Ransom.Gen Activity 22 message from some of our users. The attack originally came through a standard user profile so when we originally restored from backup, there were some nested folders which appeared to be unaffected.
Example - The files within (Share)\Employees\John were not affected due to the elevated privileges for the John Folder. When I had restored, I left the John folder and the Employees folder, but deleted/restored all of the other file folders which contained files that had been encrypted.
Suspected solution: I think I was able to resolve the issue on our end by creating a new "Employees" folder, moving everything to the new folder and deleting the old. Try to replace any folders which may have been affected in addition to files.
Alternate solution: During the process, I also ended up reassigning permission values to all of the shared folders. This may have inadvertantly fixed the issue on our end.
I hope this helps someone else. If someone finds that they can reproduce these results, please respond. Thanks!