Let me start by saying I am not experienced with VMware beyond the workstation application. I only use it for very simple VMs for testing/self education.
I have a personal file server that I had two VMs running on in Workstation 12. Long story short, I was infected by a cryptolock via an RDP brute force attack. This was even able to reach my backups on a separate machine, but it didn't harm the VMs VHD's. When I found the infection, my 2 VMs were still running and perfectly intact. It did manage to encrypt my VMDK descriptor file though, along with my VMX file.
I've gotten to the point of creating a new VMDK descriptor by making a new VM and moving that file to the VHD folder. I know it's not that simple and that I need to configure the descriptor to match the existing disk. I believe my issue is that the UUID doesn't match. I noticed when editing the descriptor in notepad++ that the UUID and longContentID change per disk, so I can only assume that's the missing information I need.
I'm not trying to get the existing VM to run, I'm going to rebuild them, but I want to at least get my DB files off the VHD if possible. Otherwise, I've lost a few years of work..
Hard lesson learned about password strength.. I thought I was being safe enough, but apparently not. (I was targeted for my bitcoin wallet, which was thankfully empty.. I was only trying some new programs on the host, but that was enough for be targeted..)
Thanks in advanced!