Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: TomGuy
You have to determine whether reconstructing the data would cost less than paying the ransom and possibly getting nothing in return.

Some of it cannot be reconstructed, ever. We are only finding out little by little what we've lost.

One saving grace is that attachments to Outlook e-mail files weren't affected, so any email hoarders may have copies of the files they need in one mail box or another.

Anything saved to the server subsequent to the attack is perfectly accessible. The different applications apparently work fine, and performance isn't seemingly affected.

Why were backups on the same server(s) as the data files? Why were servers not backed up/imaged?

Yeah, that's a question I have for our IT guy, who is a part-time contractor since we are such a small company. He "cleaned" our system of any remains of the malware, and suggested all users download and run Malwarebytes for their own stations and hard drives, but he could not answer the obvious questions you pose. Apparently, this is the situation with a lot of victims, so ours wasn't an unusual case of apathy.

How did the perps get the malware planted onto the system?

The malware comes attached to an innocuous looking email as a zip file. One click to open unleashes the malware. Since we are hiring a couple of positions, this one likely came in as a resumé in answer to one of the job ads. We've gotten several more like it since the infection, but users have been wise to it.

One thing I can't figure out is that our servers are supposed to have protection against such attacks that come through in any form. Does a zip file protect these viruses from detection?

We are definitely looking at more robust solutions going forward. We do have one intact saved exterior hard drive from about a year ago which wasn't attached to anything, so the only data that was lost is about a year's worth.

21 posted on 07/19/2015 7:07:26 AM PDT by fwdude (The last time the GOP ran an "extremist," Reagan won 44 states.)


To: fwdude
This infection takes advantage of standard practices just about everyone already has.

It has always made sense to have a backup drive mapped to your computer—this is the most common way to back up on a completely separate device. People then run a backup program that sends the backed up files to that device.

Unfortunately, any mass storage device connected to that infected computer will be encrypted, and the malware has the knowledge of extensions and file types to know there's data in those backups. Cryptolocker only keeps the Windows native files working because it wants you to boot up just enough to know how to pay the criminals.

This new infection has now alerted people to the need to have either multiple backup devices (which can be occasionally tested) or the need to create a special, separate FTP-type connection to send your backup file to (because Windows won't see it as a volume to easily infect).

This malware was a game changer.

37 posted on 07/19/2015 7:44:49 AM PDT by ConservativeMind ("Humane" = "Don't pen up pets or eat meat, but allow infanticide, abortion, and euthanasia.")

To: fwdude
Does a zip file protect these viruses from detection?

That depends on the various anti-virus/anti-spyware type software AND the configuration.

Some will scan inside zip files. Some will simply ignore them.

When I run Anti-Spyware on 'complete computer', it will scan inside the zip files on attacked USB drives. I can also configure it to run just on a specific partition or specified drives and/or directories.

==

I would have a serious discussion with the IT contractor. You may need a more robust IT service.

43 posted on 07/19/2015 8:06:40 AM PDT by TomGuy
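Added example, not part of any post in this thread: the reply above notes that some scanners look inside zip files and some ignore them, so this sketch shows the kind of check a mail gateway can run on a zip attachment before a user ever opens it, including nested zips and password-protected members a scanner cannot read. The function names, extension lists and limits are assumptions chosen for illustration, and the sample archive is constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath
# Assumed policy lists, not taken from the thread: types Windows runs on a
# double-click, and document types commonly used as a decoy first extension.
RISKY = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
         ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".ps1", ".msi"}
DECOY = {".pdf", ".doc", ".docx", ".rtf", ".txt", ".jpg", ".png"}
MAX_DEPTH = 3                   # how many archive levels to open
MAX_NESTED = 20 * 1024 * 1024   # skip nested zips with a larger declared size

def inspect_zip(data: bytes, depth: int = 1, prefix: str = "") -> list[str]:
    """Return findings for a zip attachment passed as raw bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{prefix or 'attachment'}: unreadable zip, treat as unscanned"]
    findings = []
    for info in archive.infolist():
        if info.is_dir():
            continue
        path = prefix + info.filename
        ext = [s.lower() for s in PurePosixPath(info.filename).suffixes]
        encrypted = bool(info.flag_bits & 0x1)  # bit 0: password-protected
        if encrypted:
            findings.append(f"{path}: encrypted, contents cannot be scanned")
        if ext and ext[-1] in RISKY:
            if len(ext) > 1 and ext[-2] in DECOY:
                findings.append(f"{path}: double extension {ext[-2]}{ext[-1]}")
            else:
                findings.append(f"{path}: executable type {ext[-1]}")
        elif ext and ext[-1] == ".zip" and not encrypted:
            if depth >= MAX_DEPTH or info.file_size > MAX_NESTED:
                findings.append(f"{path}: nested zip not opened (limit)")
            else:
                findings += inspect_zip(archive.read(info), depth + 1, path + "!")
    return findings

def build_sample() -> bytes:
    """Constructed sample: a 'resume' zip with a disguised program inside."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("cover_letter.js", "constructed placeholder")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("resume.pdf.exe", "constructed placeholder, not a program")
        z.writestr("references.docx", "constructed placeholder")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    print("\n".join(inspect_zip(build_sample())))
```

A gateway using a check like this would hold any attachment with findings for review instead of delivering it; an empty list only means nothing matched these name-based rules, not that the file is clean.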

To: fwdude

No IT guy/gal worth their salt would ever store backups on the server. That’s just stupid.

Find a new IT guy. And lock down your desktops. They are company property. Set up a good proxy and block known malware sites and vector sites. If it’s not needed for business purposes, block it!


82 posted on 07/20/2015 8:13:14 AM PDT by AFreeBird

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson