« Last post by Execute on February 17, 2017, 05:34:25 pm »
Currently, there is no decrypting tool available for this ransomware. Even if a security software removes the cryptovirus from infecting your and other PCs furhter, it cannot decrypt your files. If a decryption method is found, we will contact you to notify you of that and update the article in the blog.
What I can tell you is that after you remove the virus, it will no longer be active - usually security programs make sure of that. Formatting your hard drive should be your last option, as formating may leave some files in the system that can still leave the ransomware active. The security software is the thing that cleans your PC from the virus and its files. Also, if you do format your disk drives, it might be next to impossible to restore any files that got deleted before that. Usually, some ransomware viruses deleted the original files and encrypted their copies (because it made copies of them). So Data Recovery Programs could recover the deleted data and restore the original files. You should try that out, although for this particular case, the files might just be put inside that .rar file. I suggest you try Data Recovery programs, before formatting.
Note: If you come across a service that states that it can decrypt your files and bring them back to normal, be aware that they cannot do that, as even engineers and researchers from AV companies struggle with this, So a service that guarantees such a service as successful, especially if they want money for that is a scam. Some companies paid over 1000$ for such a service and their files weren't recovered, of course.