I thought ransomware usually attacks companies and not individuals... If the files in the computer are not that important, I suggest not to pay for the decryption- just format the harddisk.

It actually doesn't matter if you or them sending the bitcoins. Maybe need slightly more to cover the transaction fees (like 100bits per transaction)

Aside from the type of ransomeware, it is mostly a gamble as to whether or not the files will be decrypted. Most of the time they will be once the funds are sent, but occasionally they won't decrypt. A lot of this depends on the type of ransomware that infected your computer.

As for ransomware viruses attacking specific groups; they will infect anything they can find. Their purpose is to make money for the creator and not specifically harass anyone.

Unless the files are 'irreplaceable' as in extremely valuable (regardless whether it's monetary or sentimental value), I advise against paying them. These attacks would have stopped a long time ago if people did not pay and had created backups as they already should have. The primary lesson here is to have a minimum of 1 backup, although there are various backup plans (e.g. 3-2-1) that users should be familiar with. This becomes even more important when Bitcoin users are in question (e.g. wallet file could go corrupt).

The primary reason for which this ridiculous type of attack works is because people are ignorant and dumb when it comes to technology. A singular backup can easily make this kind of attack obsolete.

It doesn't really matter for the end result. The people behind the malware don't care where the money is going to come from. Depending on the type of malware, it is possible to 'unlock' the system.

I don't think an outgoing transaction would get you in trouble, an incoming one may.

Anyone with detect computer skills should be able to avoid this script-kiddie malware stuff online these days.

You have a fair point here. Get him to install Electrum or a similar SPV client. Additionally, I made a small edit that you didn't see:

So what's the name on the ransom note?

He should send the BTC only if he's got important files on his computer that would be worth +$1200. That a lot of money, if he's got everything backed up elsewhere, he could simply wipe his HDD and reinstall the OS. But to answer your question, I think you definitely send the BTC to him first, you're dealing with your friend not the hackers.

I would not pay that.
I think those 2 coins would be better invested if he bought himself a new computer and a few usb sticks to save the important data.
Or just format the hard drive and buy a new operating system.
The chances of getting his computer working again are minimal.

Interesting. After spending a small time researching, there seems to be information regarding the removal of the ransomware. According to some sources, it doesn't encrypt the original files but rather creates encrypted copies. I highly suggest reading up a lot on this matter on Google. A possible method for recovery here is the standard software used for recovery of the deleted files. I've also seen suggestions ranging from manual (e.g. booting into safe-mode and trying to get rid of it) to automated tools. That friend should consider the amount of valuable data stored on the computer and their exact location (depending on usage patterns this may be easy). You should try recovering these files, if successful a simple format would solve the problem and save a lot of money.

Another useless post. How would the friend save important data on the USB sticks if it that is already encrypted/lost?

Tell your friend to contact their support. They might be willing to lower the price. They have in the past and their ... "customer" support is excellent.

If you are afraid of any repercussions, write up a small statement and let your friend sign it. I dont think you have to worry about that though.

I wouldn't pay any ransom unless I have something really valuable and important, also, backups should be made not only for this kind of attack, but in case of HDD failure, I usually burn DVDs with the important stuff I have, making more than one copy, I also keep some files on a 16 GB USB, or on my old 4 GB USB.

Not sure if I would get involved, but from a security stand point. Send him the BTC to a newly installed wallet or generated address (WHICH HE CONTROLS) and let him handle his own ransomware issue.