Did you backup/image the hard drive before reformatting?
Are there any obvious file extensions appended
to or with your encrypted data files? If so, what is the extension and is it the same for each encrypted file or is it different? Some types of ransomware will completely rename, encrypt or even scramble file names while others do not append any extensions.
The best way to identify the different ransomwares is the ransom note
(including it's name), samples of the encrypted files
, any obvious extensions appended
to the encrypted files, information related to any email addresses
provided by the cyber-criminals to request payment and the malware file
responsible for the infection.
Without the above information or if this is something new (or if there is no extension or filemarker in encrypted files), our crypto malware experts most likely will need a sample of the malware file itself to analyze before the type of infection can be confirmed. Samples of any suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here
with a link to this topic.