Hi hdablin,
This article may be of use:
Recovering Ransomlocked Files Using Built-In Windows Tools
https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools
Restoring from a known good backup is the solution against these. There's no way to undo the sabotage.
If they have identified the file which caused the damage, please do ask them to submit it to Security Response.
Symantec Insider Tip: Successful Submissions!
https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions
It will not help them to decrypt the files, but it will save other users from suffering the same fate. Please feel free to PM me the Tracking number if there is a submission! &: )
With thanks and best regsrds,
Mick