Hi thank you for your reply.
The thing is the windows is a vps which runs on my unraid server.
The attacker had access to my unraid shares due to a network share that was still attached to said vps.
Because of this he was able to also encrypt the windows vps vdi file (the actuall harddrive of the windows vps).
I really dont care about the windows vps and the files on the vps at all since i created it so a friend (who i trust) of mine could configure some servers on my network via rdp (annoying nat situation). I was going to remove it a few days later after creation anyway.
As a result i removed the windows vps because i coulldnt even restart it and actually had to reinstall my unraid server aswell since the attacker encrypted pretty much everything vps startup related.
I did backup all the encrypted files and put them in a zip file hoping a decryption tool will be available in the future.
And i protected every share on my unraid server aswell!
So, this thread can be closed, the problem is not solved but i will wait untill a tool is released at some point in the future.
Thank you for your time to assist me 👍