There is no simple or universal answer to a ransomware attack (apart from taking all possible precautions in advance, and there are no guarantees even then). However, the site ID Ransomware does seem to offer a way for victims to (maybe) identify the ransomware that has attacked their system. (I haven’t tested it myself.)
As I understand it, the site works like this:
- It allows a victim to upload a file displaying ransom/payment information or one of the encrypted files, and attempts to use the uploaded file to identify the malware that implemented the attack. It currently claims to detect 52 varieties of ransomware.
- If there is a known way of decrypting the encrypted files without paying the ransom, it directs the victim towards it.
The site doesn’t offer to decrypt files directly itself, and doesn’t want samples of the actual malware.