The only way to get ransomware on your Mac - software that encrypts your data and then demands a fee to send you a decryption code - can only get there by installing it yourself. In other words, by engaging in high risk online usage such as installing illegally cracked commercial software. DO NOT pay for any such code. It only:
- Encourages criminals to keep doing this.
- The code often doesn't work.
- They never send the code (because they never had it to begin with).
- They demand more money before they'll send it.
AV software will not help. Not even a little. There are no self-installing/spreading Mac viruses. None. There are plenty of Trojans, such as the possible ransomware she installed. No AV software will make the slightest attempt at stopping you from installing a Trojan since it can't know what you're installing/running until after the fact. All AV software is useless.
If you truly have ransomware on the Mac, boot into Internet Recovery Mode (restart and hold down the Command+Option+Shift keys). Erase the drive. Reinstall the OS from scratch and restore your last Time Machine backup made before the malware was installed. If you can't be sure the TM backup isn't infected, don't restore it. Treat the Mac as a brand new device out of the box (which is how it will be after installing the OS to as erased drive) and reinstall only legally obtained third party software.
