The dropped file is '### DECRYPT MY FILEs ###'.txt'.
All the times I mention are Hong Kong time. At about 23 o'clock on June 25th, Windows Defender on my computer (OS is Windows 10, always auto-updated) reported two threats: 'Ransom:Win32/CryptoLemPiz.A' (several times) and 'Trojan:Win64/SvcMiner.A' (one time). I was not there, and when I got to my computer at 9 o'clock the next day (June 26th), I found that all the files on the desktop were missing and there was some software like '???unlocker' (sorry, I cannot clearly remember that name). I found the alert message from Windows Defender and then decided to install antivirus software, 'ESET NOD32 5.0.2126.3', with the newest virus database. Everything seemed normal before 5 o'clock that day (I left after that time without shutting the computer down).
Then at 10 o'clock the next day (June 27th), I came to my computer to find that most files were encrypted with a postfix of 'id-xxxx_[firstname.lastname@example.org].i05fp' and the hacker had dropped a file named '### DECRYPT MY FILEs ###'.txt'. I think when I got to my computer the hacking process was still going on, because at that time I could still open some files, and I found a software named 'processhacker' and then I deleted it. After a while, nearly all files were encrypted. I wrote to the email address in the postfix and got a return mail asking 2 BTC for ransom. Now I have disconnected the computer from the internet and don't know what to do next.
The dropped file cannot be opened on my computer now because NOD32 cleans it every time I open it.
If anyone can help me or just wants to analyze the hacker, I will be glad to provide further information as they ask.