3) Of course
Good, you may be able to get some of the data back then.
Temporary files made by Office, for instance, are not locked.
The process working its way through the list of files with certain extensions (jpg, doc etc) and making an encrypted copy.
and then deleting the original.
The orginal is not deleted immediately.
So the original may be still there.
If deleted it may not have been overwritten, which is the reason I said 'turn it off now', in which case the original may be recovered by an undelete program.
But you must do this from another machine, the ransomware will not then run if the drive is slaved.
As to removing the virus,that is usually not too bad, use combofix to kill any cloaking rootkit.
Malwarebytes will rid you of the executable only, but there it has a recovery method.