Since you're unsure (guessing)...this is a brief summary of things to look for which may help with identification.
CryptoLocker is a ransomware program that will scan all physical or mapped network drives on your computer and encrypt files with the following extensions using a mixture of RSA & AES encryption.
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, *.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c.
CryptorBit (HowDecrypt) is a ransomware program that encrypts any data file it finds regardless of the file type or extension (i.e. JPG, PST, MP3, PDF, .DOC, .XLS, .XLSX, .PPTX, .and DOCX documents). When it encrypts a file, CryptorBit (HowDecrypt) will create a HowDecrypt.txt file and a HowDecrypt.gif in every folder that a file was encrypted. The GIF and TXT files will contain instructions on how to access a payment site that can be used to send in the ransom.
CryptoDefense is a ransomware program that encrypts data files such as text files, image files, video files, and office documents using RSA-2048 encryption, which makes them impossible to decrypt via brute force methods...CryptoDefense will create a How_Decrypt.txt and How_Decrypt.html file in every folder that a file was encrypted. The HTML and TXT files will contain instructions on how to access a payment site that can be used to send in the ransom. Though this infection has numerous similarities to CryptoLocker or CryptorBit, there is no evidence that they are related.
CryptoWall is essentially a new variant of CryptoDefense.
- ransom is $1000 USD.
- leaves files named DECRYPT_INSTRUCTION:
CTB Locker (Critroni, Onion) will encrypt all data files and rename them as a file with a .CTBL extension.
- Creates a image file called AllFilesAreLocked <user_id>.bmp in the My Documents/Documents folder.
- Creates a text file called DecryptAllFiles <user_id>.txt in the My Documents/Documents folder that contains ransom instructions.