I hadn’t heard of this until today. One of our client’s had an attack on their server , the malware makes a zipped (RAR) file of your data and adds an encryption to the file. It then deletes the data using the sdelete function which doesnt allow the traditional undelete file methods. There are various versions but the infected user is offered a password to decrypt the file.
The bottom line is you must have a backup process in place that is tested and verified. That wont help our client today but you may help you tomorrow!