a) Pay (but refer to Mr Kipling’s views on Danegeld first)
b) Disconnect from the internet, run many AV scans to remove the infection (keep machines isolated while disinfecting to prevent re-infection), then restore from backup
We use SonicWALL with their Gateway Anti-Virus and Geo-IP filter as preventative measures. In addition to anti-virus programs, we utilize these two to block the CryptoWall and CryptoLocker viruses from infecting us, and by blocking the IPs of foreign countries where the command and control servers generally live (we block everything but the US and a handful of “safe” countries), we prevent the virus from establishing a connection to the C&C servers to generate their key, without which they can’t begin encryption. We then use software like Malwarebytes to remove the infection. It’s not perfect, but it helps.