This article on InfoSec Handlers Diary Blog I found interesting in indicating that ransomed files can sometimes be recovered if you go to the right place ...
Last time I helped out someone with ransomware over at the Bleeping Computer forums, I was able to recover the ransomed JPEG files.
A first look at the file with the file command did not help me:
file image.jpg.xxx\@yyy.zz
image.jpg.xxx@yyy.zz: dataNeither did a look at the header with a hex editor tell me much more.
But when I analyzed the file with one of my tools to calculate byte statistics (byte-stats.py), I noticed something:
[ ... ]
I'll let you read the details.