Personally, I use the following scheme: 2. If it doesn't work, then I boot from the LiveCD, and start looking for the launch of the extortionist in the registry. Hijackthis is a very handy way. You can also run special anti-ransomware software, I probably don’t remember its exact name, in my opinion it is on a LiveCD called HirensBootCD - sometimes it works well. But not necessarily. CureIt may also be useful! (banal for checking the base of another antivirus) and AVZ. As a result, having found out the name of the process, we find the file, usually somewhere in c:\Windows\System32 and physically delete it.
1.First, I try to kill the ransomware without rebooting. Some of them are so unskillfully written that it turns out that in various combinations, you still start the Task Manager and crash the ransomware process. Or do not bang, but at least find out the name of the process.
3. Next reboot. And the search continues, often the malware comes not alone, but in conjunction with another. It is important to fish everything. Since one of them can install the other. After all this, we launch the update of the standard antivirus (some Avast) and check again. Ideally, even in the "before OS startup" check mode. Also, of course, it would be nice to remove the left launches (already invalid) of malware, just so that they do not clog the system...
Something like this...

Search for symptoms on the Internet. There are no other options. Antivirus download LiveCD, they are free.

The simplest way is to look for all files created on the day of infection, delete suspicious ones. In case of doubt, we run it through virustotal.
But better, of course, anti-virus utilities - CureIT, KVRT, AVZ, Hitman Pro, Zemana, MBAM...
Against specific blockers, try the AntiSMS utility from the notorious simplix-a.
ps Naturally, all manipulations must be carried out by booting from LiveCD / USB.