Do you remember what the ransom note's name and/or extension was? Looks like a form, so I would suspect either .html or .php. Based on the encrypted files and their filenames, I can only suspect it is using a block cipher of 16 bytes (e.g. AES), which is basically de facto for ransomware. The filenames are encrypted and base64 encoded (with URL encoding, thus the %2B and %3D), which is quite interesting. The files themselves, as you may have seen, are encrypted then saved as base64, which is unnecessary for sure.
We'll definitely need a sample of the malware to analyze. I'm suspecting it could be a PHP script, just based on the odd choice of encoding.
If you could share more details about the web site itself in PM, I can see if they provide any clues. E.g. was it a CMS, and what version?
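A triage check for the filename observation in the post above, as an added example that is not part of the original post: it URL-decodes and base64-decodes each filename and reports whether the decoded length is a whole number of 16-byte blocks. The function names and the sample listing are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import quote, unquote

BLOCK = 16  # block size the post suspects (e.g. AES)

def decode_name(name):
    """URL-decode, then strictly base64-decode, a filename. None if not base64."""
    # unquote(), not unquote_plus(): a literal '+' is a base64 character here
    # and must not be turned into a space.
    text = unquote(name)
    try:
        blob = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None
    return blob or None

def triage(names):
    """Return (name, decoded_length, block_aligned) per filename."""
    rows = []
    for name in names:
        blob = decode_name(name)
        if blob is None:
            rows.append((name, None, False))
        else:
            rows.append((name, len(blob), len(blob) % BLOCK == 0))
    return rows

def aligned_fraction(rows):
    """Share of decodable names whose length is a whole number of blocks."""
    decoded = [r for r in rows if r[1] is not None]
    return sum(r[2] for r in decoded) / len(decoded) if decoded else 0.0

def _fake_name(n):
    # Constructed stand-in for an encrypted filename: n fixed bytes,
    # base64-encoded, then percent-encoded the way the post describes.
    data = (b"\xfb\xef\xbe" + bytes(range(256)))[:n]
    return quote(base64.b64encode(data).decode(), safe="")

# Constructed sample listing (not taken from the affected site).
SAMPLE = [_fake_name(16), _fake_name(32), "index.php", "logs"]

if __name__ == "__main__":
    for name, size, aligned in triage(SAMPLE):
        print(f"{name[:40]:<40} {size!s:>5} {'aligned' if aligned else '-'}")
    print("aligned fraction:", aligned_fraction(triage(SAMPLE)))
```

Consistent alignment supports the block-size suspicion but does not identify the cipher. Short plain names that happen to be valid base64 (like `logs`) decode to a few bytes and show up as unaligned.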