I have a Windows Server 2008 R2 machine that has been infected with a version of CryptOn (possibly 128) but the decryption process could not find a key. I've identified that it was the Cry128 using IDRansom and the corresponding ransom note. I recovered a file from backup that was 2MB in size and dragged it and the corresponding .onion_ encrypted file onto the Cry128.exe file, after 25 minutes it said, "The decryption key for your system could not be found ...."
Is there any way I can decrypt this or should I just try restoring from backup?
If I restore from backup, won't that include the ransomware? How do I remove it?