To victims of the variant that does not change the extension and left "README.HTML" or "!README.HTML":
Can you verify something with your encrypted files? I think I may have found a way to at least identify encrypted files.
Please open a few encrypted files in a hex editor, and look for the following 32 bytes at the very beginning of the file (shown in hex, UTF-8, and ANSI below). You may use an online hex viewer such as this: http://www.onlinehexeditor.com.
F4 2D 24 0F 12 DF 4D 23 12 DF 4D 23 12 DF 4D 23 ô-$..ßM#.ßM#.ßM# .-$...M#..M#..M# 12 DF 4D 23 F4 2D 24 0F F4 2D 24 0F F4 2D 24 0F .ßM#ô-$.ô-$.ô-$. ..M#.-$..-$..-$.