I took on a brand new client a while back, and before doing any real work for them they were hit by cryptolocker. I hadn't yet even done a "IT Review" for them, so didn't yet know what systems they had in place.
Thus, under the gun, I started looking at their backup setup, and found it "severely lacking". They did have a backup system from the previous IT guy, but due to the way it was set up it would have taken days to get the data off of it and all moved back into the correct spots. So given days of billable time/work or paying the ransom, we chose to pay the ransom as the most expedient solution. They only accepted bitcoin, and there was a deadline after which the ransom doubled or more. So we jumped through hoops to get a bitcoin account set up, funds deposited, etc. That was a rather convoluted process and took time (albeit less time than working with the existing "backup" system). Soon as the bitcoin was transferred to the hostages account, a key was received online via the TOR browser. Yep, the key worked, and decrypted all the data. A new (and easy/functional) backup system was put in place immediately thereafter. I've also talked to a few of my associates who own IT consulting firms, and any of them that decided to pay the ransom did in fact get a working decryption key. ZFS is a good solution :) Best, J
