Hi,
I have come across may Ransomware infected systems.... they exactly are just scripts/code and
only Run Once...
Once the script/code is executed it encrypts whatever it can to the extend that, Except EXE & DLL & Some system files (to Keep your System running so that you can PAY) all other files ... whether Documents, Video, Music, Pictures, Graphics, 3D Design, TXT, Compressed, PST, Databases, etc.. etc... all is encrypted.... even if you have any mapped derives or have attached USB drives at that particular time when the Script/Code was executed... it is not memory resistant and dosent run again and again as traditional viruses/malware does.
if you create a new document, it wont be encrypted... as the damage is already done..
Depending upon the Ransomware, it will Kill your Antivirus, and Shadow copies too...
Unfortunately, there is not single solution to stop it... and no Single cure/remedy to decrypt the files as these Ransomware keep on evolving and updating to bypass any security controls/measures implemented...
Therefore
Always BACKUP your IMPORTANT/CRITICAL DATA
But maybe if you are infected with
.CERBER V1 you can use following
Decryptor and try your luck
INFO
Using the Trend Micro Ransomware File Decryptor Tool
Download Link
http://solutionfile.trendmicro.com/SolutionFile/EN-1114221/RansomwareFileDecryptor 1.0.1655 MUI.zip
Thanks,