Ouch. I'm terribly sorry to hear your friend had this experience. Few things in this world are scarier than ransomware.
Unfortunately, in your friend's case, this is to be expected. While the virus responsible for encrypting his files may be gone after a clean install, that won't change the state of the encrypted files.
Suppose you rename each of your files with some random file extension. Let's say
_old. You say to yourself, okay. I think I'd rather change it back. You reinstall Windows and.... Well, nothing will change the state of those files. Why would your boot OS have anything to do with them? The ransomware has done its dirty deed. There's a reason these ransomware ops are so profitable. They're quite literally holding your data at ransom.
Now. You mentioned that he attempted decrypting his files using STOP Djvu. The ransomware in question is in fact Djvu? If so, the publisher's of this decrypter do state there are sone limitations on what can be decrypted
https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu
Here's hoping most of your friend's data wasn't too important and simoly be re-downloaded (without re-downloading the ransomware payload)
Be safe