CryptoWall/CTB-Locker/Cryptolocker (or whatever the variant's name is this month) seems to have difficulty with or is rather slow at getting to data stored in the container for the Volume Snapshot Service. For businesses that do not allow their users to run as administrators (or have them elevate from a privileged account), they can typically restore a reasonably recent snapshot of data folder by folder using the Previous Versions option.
If the user is an admin, I've found that the window for recovery using VSS is smaller, but certainly better than nothing. Network shares should be restored from backups or VSS from the server (if Windows). I haven't figured out what to do with flash drives quite yet....even most data recovery software doesn't find much since the files are never really erased, just overwritten with encrypted copies.