Leaving the technicalities aside, I have posted a detailed advisory on what a common man has to do if his computer is affected by WannaCry or other similar ransomware. This advisory is available at Naavi.org.
I am not repeating it here.
I am only highlighting some steps to be taken by professionals who may find themselves in a situation where they cannot recover their computer.
I recently came across a situation where one of the customers lost the data hosted on a foreign server because that server was infected and there was no backup. Such situations may also arise for other professionals.
In such cases the data loss may later be interpreted as a "Deliberate Data Erasure" by the tax authorities or other regulatory authorities, and the computer owner has to provide proper confirmation of the fact that his computer was indeed infected and the data was lost due to reasons beyond his control. Remember that deliberate data erasure may invite penalties under Section 65 and 67C of ITA 2000/8.
Such persons should therefore first keep a record of the fact that they were victims of this ransomware attack. I suggest doing this by obtaining a CEAC certified copy of the locked screen showing the attack.
For more details you may contact Naavi.
Next, after certification, I suggest that the hard disk with the encrypted files be removed from the system and preserved for some time. If a decryption key is reverse engineered in due course, it may be possible to extract the data. The preserved disk would also serve as evidence to the law enforcement authorities that your claim of being a victim is a real fact and not an alibi.
If you want to prove that you were a victim despite using a licensed and reasonably updated OS along with a reasonably updated antivirus system, you need to preserve the evidence. If you simply reformat the hard disk and continue your work, you may later have to answer the charge that you did not make enough effort to restore the data.
Naavi