First, apologies for having to resort to a help request. I've been trying to sort this on my own on and off for three days and had no luck. I did a search for recme in the forum before posting (first in search of help, but again just now to make sure it's not a duplicate topic).
All the files have the extension .recme on the end of them. I uploaded the ransom note and a sample file to the ID website and it came back saying it was amnesia based on the ransom note. Neither the old nor new amnesia decrypter worked, so I tried the ID website again, but without the note and it came back inconclusive (Please reference this case SHA1: f4920365ac5cfceb14db9648aa41a2afd3ac4550).
The ransom note e-mail address was firstname.lastname@example.org (from HOW TO RECOVER ENCRYPTED FILES.TXT)
I believe this hack was due to me foolishly leaving my RDP port as 3389 (I just did this a couple months ago). I'm otherwise pretty careful, but I suppose it is at least feasible I clicked on a malicious file.
When I logged on to the computer the morning after the attack, avast and malwarebytes were gone. I promptly installed them and Avast quarantined bgt.exe located in appdata/roaming, naming the thread IDP.Generic.
I will upload some encrypted files and originals to this link once I'm done with this post.
If anyone has time to help, let me know if I left off any useful information.