Problem: I had a drive that was comprised by a trojan/ransomware and lost a few gigs of files because we couldn’t pay the ransom. It was decided to delete the folders and when I did I got the following error: “You need permission to perform this action.” It wouldn’t let me delete. I checked folder permissions and I had full rights so wasn’t sure what the issue was.
Solution: Turns out that I was deleting most of the files just not the ones associated with the ransomware like the “Decrypt_instructions.html” file. Sophos, my antivirus, was putting them into quarantine. I went into Sophos Endpoint and Security Control and went into the quarantine section. Selected all of the instances and marked them for deletion. Once I did that the files were all gone.